Axiomatic Bento4 mp4info Ap4StdCFileByteStream.cpp ReadPartial 内存损坏

Axiomatic Bento4中曾发现分类为致命的漏洞。 受此漏洞影响的是功能AP4_StdcFileByteStream::ReadPartial文件:Ap4StdCFileByteStream.cpp的组件mp4info。 手动调试的不合法输入可导致 内存损坏。 漏洞的CWE定义是 CWE-122。 此漏洞的脆弱性 2022-11-13公示人身份812、所提交。 分享公告的网址是github.com。 该漏洞被称作为CVE-2022-3974, 攻击可能起始于远程, 有技术细节可用。 此外还有一个漏洞可利用。 该漏洞利用已公开,可能会被利用。 当前漏洞利用价值为美元大约是 $0-$5k。 它被宣布为proof-of-concept。 可以在github.com下载该漏洞利用。 我们估计的零日攻击价值约为$0-$5k。 该漏洞被披露后,此前未曾发表过可能的缓解措施。

时间轴

用户

126

字段

exploit_price_0day2
source_cve_nvd_summary1
source_cve_assigned1
advisory_identifier1
vulnerability_cvss3_meta_tempscore1

Commit Conf

90%33
50%10
70%3

Approve Conf

90%33
80%10
70%3
ID已提交用户字段更改备注已接受地位C
133965992022-12-17VulD...price_0day$0-$5ksee exploit price documentation2022-12-17已接受
90
133965982022-12-17VulD...cve_nvd_summaryA vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is the function AP4_StdcFileByteStream::ReadPartial of the file Ap4StdCFileByteStream.cpp of the component mp4info. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213553 was assigned to this vulnerability.cve.mitre.org2022-12-17已接受
70
133965972022-12-17VulD...cve_assigned1668294000 (2022-11-13)cve.mitre.org2022-12-17已接受
70
133965962022-12-17VulD...identifier812cve.mitre.org2022-12-17已接受
70
132613142022-11-13VulD...price_0day$0-$5ksee exploit price documentation2022-11-13已接受
90
132613132022-11-13VulD...cvss3_meta_tempscore5.7see CVSS documentation2022-11-13已接受
90
132613122022-11-13VulD...cvss3_meta_basescore6.3see CVSS documentation2022-11-13已接受
90
132613112022-11-13VulD...cvss3_vuldb_tempscore5.7see CVSS documentation2022-11-13已接受
90
132613102022-11-13VulD...cvss3_vuldb_basescore6.3see CVSS documentation2022-11-13已接受
90
132613092022-11-13VulD...cvss2_vuldb_tempscore6.4see CVSS documentation2022-11-13已接受
90
132613082022-11-13VulD...cvss2_vuldb_basescore7.5see CVSS documentation2022-11-13已接受
90
132613072022-11-13VulD...cvss3_vuldb_rlXderived from historical data2022-11-13已接受
80
132613062022-11-13VulD...cvss2_vuldb_rlNDderived from historical data2022-11-13已接受
80
132613052022-11-13VulD...cvss2_vuldb_rcURderived from vuldb v3 vector2022-11-13已接受
80
132613042022-11-13VulD...cvss2_vuldb_ePOCderived from vuldb v3 vector2022-11-13已接受
80
132613032022-11-13VulD...cvss2_vuldb_aiPderived from vuldb v3 vector2022-11-13已接受
80
132613022022-11-13VulD...cvss2_vuldb_iiPderived from vuldb v3 vector2022-11-13已接受
80
132613012022-11-13VulD...cvss2_vuldb_ciPderived from vuldb v3 vector2022-11-13已接受
80
132613002022-11-13VulD...cvss2_vuldb_auNderived from vuldb v3 vector2022-11-13已接受
80
132612992022-11-13VulD...cvss2_vuldb_acLderived from vuldb v3 vector2022-11-13已接受
80

26 更多条目未显示

🔒 Login Required

You need to signup and login to see more of the remaining 26 results.

上一步一览下一步

Do you want to use VulDB in your project?

Use the official API to access entries easily!