Lucene search

GoogleOSV:CVE-2022-3809

HistoryNov 02, 2022 - 1:15 p.m.

CVE-2022-3809

2022-11-0213:15:16

Google

osv.dev

axiomatic bento4

parsecommandline

denial of service

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

46.3%

JSON

A vulnerability was found in Axiomatic Bento4 and classified as problematic. Affected by this issue is the function ParseCommandLine of the file Mp4Tag/Mp4Tag.cpp of the component mp4tag. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212666 is the identifier assigned to this vulnerability.

References

github.com/axiomatic-systems/Bento4/files/9653209/poc_Bento4.zip

github.com/axiomatic-systems/Bento4/issues/779

vuldb.com/?id.212666

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

46.3%

JSON

Related for OSV:CVE-2022-3809