CVE-2022-3809
Axiomatic Bento4 mp4tag Mp4Tag.cpp ParseCommandLine denial of service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
A vulnerability was found in Axiomatic Bento4 and classified as problematic. Affected by this issue is the function ParseCommandLine of the file Mp4Tag/Mp4Tag.cpp of the component mp4tag. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212666 is the identifier assigned to this vulnerability.
Una vulnerabilidad fue encontrada en Axiomatic Bento4 y clasificada como problemática. La función ParseCommandLine del archivo Mp4Tag/Mp4Tag.cpp del componente mp4tag es afectada por esta vulnerabilidad. La manipulación conduce a la denegación del servicio. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-212666 es el identificador asignado a esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-11-01 CVE Reserved
- 2022-11-01 CVE Published
- 2024-06-22 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-404: Improper Resource Shutdown or Release
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/axiomatic-systems/Bento4/files/9653209/poc_Bento4.zip | 2024-08-03 | |
| https://github.com/axiomatic-systems/Bento4/issues/779 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Axiosys Search vendor "Axiosys" | Bento4 Search vendor "Axiosys" for product "Bento4" | <= 1.6.0-639 Search vendor "Axiosys" for product "Bento4" and version " <= 1.6.0-639" | - |
Affected
| ||||||