Lucene search

VulDBCVELIST:CVE-2022-3666

HistoryOct 26, 2022 - 12:00 a.m.

CVE-2022-3666 Axiomatic Bento4 mp42ts Ap4LinearReader.cpp Advance use after free

2022-10-2600:00:00

CWE-119

VulDB

www.cve.org

axiomatic bento4

mp42ts

ap4linearreader.cpp

use after free

vulnerability

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.8%

JSON

A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212006 is the identifier assigned to this vulnerability.

CNA Affected

[
  {
    "vendor": "Axiomatic",
    "product": "Bento4",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

github.com/axiomatic-systems/Bento4/files/9744391/mp42ts_poc.zip

github.com/axiomatic-systems/Bento4/issues/793

vuldb.com/?id.212006

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.8%

JSON

Related for CVELIST:CVE-2022-3666