Axiomatic Bento4 mp42hevc WriteSample memory corruption

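A vulnerability was found in Axiomatic Bento4 and has been classified as critical. Affected is the function WriteSample of the component mp42hevc. Manipulation with invalid input leads to memory corruption. Using CWE to declare the problem leads to CWE-122. The weakness was published on 2022-10-22 as 776. The advisory is available at github.com. The vulnerability is tracked as CVE-2022-3670. The attack can be launched remotely. Technical details are available. An exploit is also available. The exploit has been disclosed to the public and may be used. The current structure of the vulnerability puts the possible price range at USD $0-$5k. It is declared as proof-of-concept. The exploit is shared for download at github.com. The estimated underground price for a 0-day was around $0-$5k. A possible mitigation had been published well before the vulnerability was disclosed.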

Timeline

User

126

Fields

source_cve_nvd_summary 1
source_cve_assigned 1
exploit_price_0day 1
vulnerability_cvss3_meta_tempscore 1
vulnerability_cvss3_meta_basescore 1

Commit Conf

90% 32
50% 10
70% 2
100% 1

Approve Conf

90% 32
80% 10
70% 2
100% 1

| ID | Submitted | User | Field | Change | Remarks | Accepted | Status | C |
|---|---|---|---|---|---|---|---|---|
| 13283510 | 2022-11-19 | VulD... | cve_nvd_summary | A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212010 is the identifier assigned to this vulnerability. | cve.mitre.org | 2022-11-19 | Accepted | 70 |
| 13283509 | 2022-11-19 | VulD... | cve_assigned | 1666389600 (2022-10-22) | cve.mitre.org | 2022-11-19 | Accepted | 70 |
| 13169049 | 2022-10-22 | VulD... | price_0day | $0-$5k | see exploit price documentation | 2022-10-22 | Accepted | 90 |
| 13169048 | 2022-10-22 | VulD... | cvss3_meta_tempscore | 6.6 | see CVSS documentation | 2022-10-22 | Accepted | 90 |
| 13169047 | 2022-10-22 | VulD... | cvss3_meta_basescore | 7.3 | see CVSS documentation | 2022-10-22 | Accepted | 90 |
| 13169046 | 2022-10-22 | VulD... | cvss3_vuldb_tempscore | 6.6 | see CVSS documentation | 2022-10-22 | Accepted | 90 |
| 13169045 | 2022-10-22 | VulD... | cvss3_vuldb_basescore | 7.3 | see CVSS documentation | 2022-10-22 | Accepted | 90 |
| 13169044 | 2022-10-22 | VulD... | cvss2_vuldb_tempscore | 6.4 | see CVSS documentation | 2022-10-22 | Accepted | 90 |
| 13169043 | 2022-10-22 | VulD... | cvss2_vuldb_basescore | 7.5 | see CVSS documentation | 2022-10-22 | Accepted | 90 |
| 13169042 | 2022-10-22 | VulD... | cvss3_vuldb_rl | X | derived from historical data | 2022-10-22 | Accepted | 80 |
| 13169041 | 2022-10-22 | VulD... | cvss2_vuldb_rl | ND | derived from historical data | 2022-10-22 | Accepted | 80 |
| 13169040 | 2022-10-22 | VulD... | cvss2_vuldb_rc | UR | derived from vuldb v3 vector | 2022-10-22 | Accepted | 80 |
| 13169039 | 2022-10-22 | VulD... | cvss2_vuldb_e | POC | derived from vuldb v3 vector | 2022-10-22 | Accepted | 80 |
| 13169038 | 2022-10-22 | VulD... | cvss2_vuldb_ai | P | derived from vuldb v3 vector | 2022-10-22 | Accepted | 80 |
| 13169037 | 2022-10-22 | VulD... | cvss2_vuldb_ii | P | derived from vuldb v3 vector | 2022-10-22 | Accepted | 80 |
| 13169036 | 2022-10-22 | VulD... | cvss2_vuldb_ci | P | derived from vuldb v3 vector | 2022-10-22 | Accepted | 80 |
| 13169035 | 2022-10-22 | VulD... | cvss2_vuldb_au | N | derived from vuldb v3 vector | 2022-10-22 | Accepted | 80 |
| 13169034 | 2022-10-22 | VulD... | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 2022-10-22 | Accepted | 80 |
| 13169033 | 2022-10-22 | VulD... | cvss2_vuldb_av | N | derived from vuldb v3 vector | 2022-10-22 | Accepted | 80 |
| 13169032 | 2022-10-22 | VulD... | type | Multimedia Player Software | | 2022-10-22 | Accepted | 90 |

25 more entries are not shown
