Lucene search

GoogleOSV:CVE-2022-3816

HistoryNov 01, 2022 - 10:15 p.m.

CVE-2022-3816

2022-11-0122:15:12

Google

osv.dev

axiomatic bento4

mp4decrypt

memory leak

remote attack

cve-2022-3816

vdb-212682

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

50.0%

JSON

A vulnerability, which was classified as problematic, was found in Axiomatic Bento4. Affected is an unknown function of the component mp4decrypt. The manipulation leads to memory leak. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212682 is the identifier assigned to this vulnerability.

References

github.com/axiomatic-systems/Bento4/files/9727059/POC_mp4decrypt_654515280.zip

github.com/axiomatic-systems/Bento4/issues/792

vuldb.com/?id.212682

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

50.0%

JSON

Related for OSV:CVE-2022-3816