Axiomatic Bento4 mp42hevc WriteSample heap-based overflow

A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. Using CWE to declare the problem leads to CWE-122. The weakness was published 10/22/2022 as 776. The advisory is available at github.com. This vulnerability is traded as CVE-2022-3670. It is possible to launch the attack remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. It is declared as proof-of-concept. The exploit is shared for download at github.com. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

126

Field

source_cve_nvd_summary1
source_cve_assigned1
exploit_price_0day1
vulnerability_cvss3_meta_tempscore1
vulnerability_cvss3_meta_basescore1

Commit Conf

90%32
50%10
70%2
100%1

Approve Conf

90%32
80%10
70%2
100%1
IDCommitedUserFieldChangeRemarksAcceptedStatusC
1328351011/19/2022VulD...cve_nvd_summaryA vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212010 is the identifier assigned to this vulnerability.cve.mitre.org11/19/2022accepted
70
1328350911/19/2022VulD...cve_assigned1666389600 (10/22/2022)cve.mitre.org11/19/2022accepted
70
1316904910/22/2022VulD...price_0day$0-$5ksee exploit price documentation10/22/2022accepted
90
1316904810/22/2022VulD...cvss3_meta_tempscore6.6see CVSS documentation10/22/2022accepted
90
1316904710/22/2022VulD...cvss3_meta_basescore7.3see CVSS documentation10/22/2022accepted
90
1316904610/22/2022VulD...cvss3_vuldb_tempscore6.6see CVSS documentation10/22/2022accepted
90
1316904510/22/2022VulD...cvss3_vuldb_basescore7.3see CVSS documentation10/22/2022accepted
90
1316904410/22/2022VulD...cvss2_vuldb_tempscore6.4see CVSS documentation10/22/2022accepted
90
1316904310/22/2022VulD...cvss2_vuldb_basescore7.5see CVSS documentation10/22/2022accepted
90
1316904210/22/2022VulD...cvss3_vuldb_rlXderived from historical data10/22/2022accepted
80
1316904110/22/2022VulD...cvss2_vuldb_rlNDderived from historical data10/22/2022accepted
80
1316904010/22/2022VulD...cvss2_vuldb_rcURderived from vuldb v3 vector10/22/2022accepted
80
1316903910/22/2022VulD...cvss2_vuldb_ePOCderived from vuldb v3 vector10/22/2022accepted
80
1316903810/22/2022VulD...cvss2_vuldb_aiPderived from vuldb v3 vector10/22/2022accepted
80
1316903710/22/2022VulD...cvss2_vuldb_iiPderived from vuldb v3 vector10/22/2022accepted
80
1316903610/22/2022VulD...cvss2_vuldb_ciPderived from vuldb v3 vector10/22/2022accepted
80
1316903510/22/2022VulD...cvss2_vuldb_auNderived from vuldb v3 vector10/22/2022accepted
80
1316903410/22/2022VulD...cvss2_vuldb_acLderived from vuldb v3 vector10/22/2022accepted
80
1316903310/22/2022VulD...cvss2_vuldb_avNderived from vuldb v3 vector10/22/2022accepted
80
1316903210/22/2022VulD...typeMultimedia Player Software10/22/2022accepted
90

25 more entries are not shown

Do you need the next level of professionalism?

Upgrade your account now!