CVE-2022-3665

A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability.
References
Link Resource
https://github.com/axiomatic-systems/Bento4/files/9746311/avcinfo_poc2.zip Exploit Third Party Advisory
https://github.com/axiomatic-systems/Bento4/issues/794 Exploit Third Party Advisory
https://vuldb.com/?id.212005 Permissions Required Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*

History

28 Oct 2022, 15:16

Type Values Removed Values Added
References (MISC) https://github.com/axiomatic-systems/Bento4/files/9746311/avcinfo_poc2.zip - (MISC) https://github.com/axiomatic-systems/Bento4/files/9746311/avcinfo_poc2.zip - Exploit, Third Party Advisory
References (MISC) https://vuldb.com/?id.212005 - (MISC) https://vuldb.com/?id.212005 - Permissions Required, Third Party Advisory
References (MISC) https://github.com/axiomatic-systems/Bento4/issues/794 - (MISC) https://github.com/axiomatic-systems/Bento4/issues/794 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*
CWE CWE-122
CWE-119
CWE-787

26 Oct 2022, 19:38

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-26 19:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-3665

Mitre link : CVE-2022-3665

CVE.ORG link : CVE-2022-3665


JSON object : View

Products Affected

axiosys

  • bento4
CWE
CWE-787

Out-of-bounds Write

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer