CVE-2022-3667

A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212007.
References
Link Resource
https://github.com/17ssDP/fuzzer_crashes/blob/main/Bento4/mp42aac-hbo-01 Exploit Third Party Advisory
https://github.com/axiomatic-systems/Bento4/issues/789 Exploit Third Party Advisory
https://vuldb.com/?id.212007 Permissions Required Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*

History

28 Oct 2022, 17:30

Type Values Removed Values Added
CWE CWE-787
CPE cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*
References (MISC) https://vuldb.com/?id.212007 - (MISC) https://vuldb.com/?id.212007 - Permissions Required, Third Party Advisory
References (MISC) https://github.com/axiomatic-systems/Bento4/issues/789 - (MISC) https://github.com/axiomatic-systems/Bento4/issues/789 - Exploit, Third Party Advisory
References (MISC) https://github.com/17ssDP/fuzzer_crashes/blob/main/Bento4/mp42aac-hbo-01 - (MISC) https://github.com/17ssDP/fuzzer_crashes/blob/main/Bento4/mp42aac-hbo-01 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

26 Oct 2022, 19:38

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-26 19:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-3667

Mitre link : CVE-2022-3667

CVE.ORG link : CVE-2022-3667


JSON object : View

Products Affected

axiosys

  • bento4
CWE
CWE-787

Out-of-bounds Write

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer