CVE-2022-3814
Axiomatic Bento4 mp4decrypt memory leak
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability classified as problematic was found in Axiomatic Bento4. This vulnerability affects unknown code of the component mp4decrypt. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212680.
Una vulnerabilidad fue encontrada en Axiomatic Bento4 y clasificada como problemática. Esta vulnerabilidad afecta a un código desconocido del componente mp4decrypt. La manipulación conduce a una pérdida de memoria. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-212680.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-11-01 CVE Reserved
- 2022-11-01 CVE Published
- 2024-06-22 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-404: Improper Resource Shutdown or Release
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://github.com/axiomatic-systems/Bento4/issues/792 | Issue Tracking | |
| https://vuldb.com/?id.212680 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/axiomatic-systems/Bento4/files/9727002/POC_mp4decrypt_477546304.zip | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|