Lucene search

[email protected]CVE-2022-3784

HistoryOct 31, 2022 - 9:15 p.m.

CVE-2022-3784

2022-10-3121:15:12

CWE-119

CWE-787

[email protected]

web.nvd.nist.gov

cve-2022-3784

vulnerability

axiomatic bento4

buffer overflow

heap-based

remote attack

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.8%

JSON

A vulnerability classified as critical was found in Axiomatic Bento4 5e7bb34. Affected by this vulnerability is the function AP4_Mp4AudioDsiParser::ReadBits of the file Ap4Mp4AudioInfo.cpp of the component mp4hls. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212563.

Affected configurations

NVD

Node

axiosysbento4Match1.6.0-639

CPENameOperatorVersion
axiosys:bento4axiosys bento4eq1.6.0-639

CPE	Name	Operator	Version
axiosys:bento4	axiosys bento4	eq	1.6.0-639

CNA Affected

[
  {
    "vendor": "Axiomatic",
    "product": "Bento4",
    "versions": [
      {
        "version": "5e7bb34",
        "status": "affected"
      }
    ]
  }
]

References

github.com/axiomatic-systems/Bento4/files/9849116/mp42hls_ReadBits_Ap4Mp4AudioInfo66.zip

github.com/axiomatic-systems/Bento4/issues/806

vuldb.com/?id.212563

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.8%

JSON

Related for CVE-2022-3784

ubuntucve1 cvelist1 nvd1 prion1 osv1