Axiomatic Bento4 avcinfo AvcInfo.cpp minneskorruption

I Axiomatic Bento4 har en kritisksvag punkt upptäckte. Som påverkar en okänd funktion filen AvcInfo.cpp av komponenten avcinfo. Manipulering en okänd ingång leder till en sårbarhet klass minneskorruption svag punkt. Den rådgivande finns tillgänglig för nedladdning på github.com. Denna svaga punkt är känd som CVE-2022-3665. Attacken på nätet kan. Det finns tekniska detaljer känd. Han deklarerade proof-of-concept. Den exploit kan laddas ner från github.com. En möjlig åtgärd har utfärdats före och inte bara efter offentliggörandet.

Fält22/10/2022 09:4419/11/2022 14:1319/11/2022 14:15
vendorAxiomaticAxiomaticAxiomatic
nameBento4Bento4Bento4
componentavcinfoavcinfoavcinfo
fileAvcInfo.cppAvcInfo.cppAvcInfo.cpp
cwe122 (minneskorruption)122 (minneskorruption)122 (minneskorruption)
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
identifier794794794
urlhttps://github.com/axiomatic-systems/Bento4/issues/794https://github.com/axiomatic-systems/Bento4/issues/794https://github.com/axiomatic-systems/Bento4/issues/794
availability111
publicity111
urlhttps://github.com/axiomatic-systems/Bento4/files/9746311/avcinfo_poc2.ziphttps://github.com/axiomatic-systems/Bento4/files/9746311/avcinfo_poc2.ziphttps://github.com/axiomatic-systems/Bento4/files/9746311/avcinfo_poc2.zip
cveCVE-2022-3665CVE-2022-3665CVE-2022-3665
responsibleVulDBVulDBVulDB
date1666389600 (22/10/2022)1666389600 (22/10/2022)1666389600 (22/10/2022)
typeMultimedia Player SoftwareMultimedia Player SoftwareMultimedia Player Software
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss2_vuldb_rlNDNDND
cvss3_vuldb_rlXXX
cvss2_vuldb_basescore7.57.57.5
cvss2_vuldb_tempscore6.46.46.4
cvss3_vuldb_basescore7.37.37.3
cvss3_vuldb_tempscore6.66.66.6
cvss3_meta_basescore7.37.37.5
cvss3_meta_tempscore6.66.67.2
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1666389600 (22/10/2022)1666389600 (22/10/2022)
cve_nvd_summaryA vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability.A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability.
cvss3_nvd_avL
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiR
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss3_nvd_basescore7.8
cvss3_cna_basescore7.3

Do you want to use VulDB in your project?

Use the official API to access entries easily!