Cyber Resilience

CVE-2024-57509

High

Published: 29 January 2025

Published
29 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0016 37.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57509 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 37.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-57509 is a buffer overflow vulnerability (CWE-120) in the Bento4 mp42avc tool at commit 3bdc891602d19789b8e8626e4a3e613a937b4d35. The issue resides in the AP4_File::ParseStream and related functions, earning a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It was published on 2025-01-29.

A local attacker with low privileges can exploit this vulnerability without user interaction by providing malicious input to the affected mp42avc functions, leading to arbitrary code execution on the target system.

Mitigation details are available in the Bento4 GitHub issue (https://github.com/axiomatic-systems/Bento4/issues/989) and a related proof-of-concept gist (https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24).

EU & UK References

Vulnerability details

Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Local buffer overflow in media parsing tool (mp42avc) directly enables arbitrary code execution via crafted input file, mapping to client-side exploitation technique.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2020-37024Shared CWE-120
CVE-2025-25565Shared CWE-120
CVE-2020-37050Shared CWE-120
CVE-2020-37010Shared CWE-120
CVE-2025-0725Shared CWE-120
CVE-2026-6691Shared CWE-120
CVE-2025-66287Shared CWE-120
CVE-2020-37075Shared CWE-120
CVE-2020-37028Shared CWE-120
CVE-2020-37042Shared CWE-120

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the buffer overflow vulnerability in Bento4 mp42avc by identifying, patching, and updating the affected software version.

prevent

Implements memory protections such as non-executable stacks, ASLR, and guard pages to block arbitrary code execution from buffer overflows in AP4_File::ParseStream.

prevent

Enforces validation of information inputs to mp42avc, preventing malformed streams from triggering the buffer overflow during parsing.

References