Lucene search

[email protected]NVD:CVE-2022-3662

HistoryOct 26, 2022 - 7:15 p.m.

CVE-2022-3662

2022-10-2619:15:17

CWE-416

CWE-119

[email protected]

web.nvd.nist.gov

axiomatic bento4

critical

getoffset

vulnerability

use after free

remote attack

disclosed

vdb-212002

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212002 is the identifier assigned to this vulnerability.

Affected configurations

Nvd

Node

axiosysbento4Match1.6.0-639

VendorProductVersionCPE
axiosysbento41.6.0-639cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
axiosys	bento4	1.6.0-639	cpe:2.3:a:axiosys:bento4:1.6.0-639:::::::*

References

github.com/axiomatic-systems/Bento4/files/9817606/mp42hls_cuaf_Ap4Sample99.zip

github.com/axiomatic-systems/Bento4/issues/802

vuldb.com/?id.212002

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

Related for NVD:CVE-2022-3662

cvelist1 prion1 osv1 cve1 ubuntucve1