CVE-2022-3667 – Axiomatic Bento4 mp42aac Ap4ByteStream.cpp WritePartial heap-based overflow
https://notcve.org/view.php?id=CVE-2022-3667
A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/17ssDP/fuzzer_crashes/blob/main/Bento4/mp42aac-hbo-01 https://github.com/axiomatic-systems/Bento4/issues/789 https://vuldb.com/?id.212007 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2022-3670 – Axiomatic Bento4 mp42hevc WriteSample heap-based overflow
https://notcve.org/view.php?id=CVE-2022-3670
A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. • https://github.com/axiomatic-systems/Bento4/files/9675049/Bug_3_POC.zip https://github.com/axiomatic-systems/Bento4/issues/776 https://vuldb.com/?id.212010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2022-3664 – Axiomatic Bento4 avcinfo Ap4BitStream.cpp WriteBytes heap-based overflow
https://notcve.org/view.php?id=CVE-2022-3664
A vulnerability classified as critical has been found in Axiomatic Bento4. Affected is the function AP4_BitStream::WriteBytes of the file Ap4BitStream.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/axiomatic-systems/Bento4/files/9746288/avcinfo_poc1.zip https://github.com/axiomatic-systems/Bento4/issues/794 https://vuldb.com/?id.212004 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2022-3662 – Axiomatic Bento4 mp42hls Ap4Sample.h GetOffset use after free
https://notcve.org/view.php?id=CVE-2022-3662
A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. • https://github.com/axiomatic-systems/Bento4/files/9817606/mp42hls_cuaf_Ap4Sample99.zip https://github.com/axiomatic-systems/Bento4/issues/802 https://vuldb.com/?id.212002 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2022-3663 – Axiomatic Bento4 MP4fragment Ap4StsdAtom.cpp AP4_StsdAtom null pointer dereference
https://notcve.org/view.php?id=CVE-2022-3663
A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. This issue affects the function AP4_StsdAtom of the file Ap4StsdAtom.cpp of the component MP4fragment. The manipulation leads to null pointer dereference. The attack may be initiated remotely. • https://github.com/axiomatic-systems/Bento4/files/9817303/mp4fragment_npd_Ap4StsdAtom.cpp75.zip https://github.com/axiomatic-systems/Bento4/issues/800 https://vuldb.com/?id.212003 • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •