CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-3665 – Axiomatic Bento4 avcinfo AvcInfo.cpp heap-based overflow
https://notcve.org/view.php?id=CVE-2022-3665
A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/axiomatic-systems/Bento4/files/9746311/avcinfo_poc2.zip https://github.com/axiomatic-systems/Bento4/issues/794 https://vuldb.com/?id.212005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40884
https://notcve.org/view.php?id=CVE-2022-40884
Bento4 1.6.0 has memory leaks via the mp4fragment. Bento4 versión 1.6.0, presenta pérdida de memoria por medio de mp4fragment • https://github.com/axiomatic-systems/Bento4/issues/759 https://github.com/yangfar/CVE/blob/main/CVE-2022-40884.md • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43038
https://notcve.org/view.php?id=CVE-2022-43038
Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache() function in mp42ts. Se ha detectado que Bento4 versión v1.6.0-639, contiene un desbordamiento de la pila por medio de la función AP4_BitReader::ReadCache() en mp42ts • https://github.com/axiomatic-systems/Bento4/issues/787 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40885
https://notcve.org/view.php?id=CVE-2022-40885
Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service. Bento4 v1.6.0-639m presenta un problema de asignación de memoria que puede causar una denegación de servicio • https://github.com/axiomatic-systems/Bento4/issues/761 https://github.com/yangfar/CVE/blob/main/CVE-2022-40885.md • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43032
https://notcve.org/view.php?id=CVE-2022-43032
An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42aac. Se ha detectado un problema en Bento4 versión v1.6.0-639. Se presenta una pérdida de memoria en la función AP4_DescriptorFactory::CreateDescriptorFromStream en el archivo Core/Ap4DescriptorFactory.cpp, como ha demostrado mp42aac • https://github.com/axiomatic-systems/Bento4/issues/763 • CWE-401: Missing Release of Memory after Effective Lifetime •