CVE-2022-3815
Axiomatic Bento4 mp4decrypt memory leak
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212681 was assigned to this vulnerability.
Una vulnerabilidad fue encontrada en Axiomatic Bento4 y clasificada como problemática. Este problema afecta un procesamiento desconocido del componente mp4decrypt. La manipulación conduce a una pérdida de memoria. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-212681.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-11-01 CVE Reserved
- 2022-11-01 CVE Published
- 2024-06-22 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-404: Improper Resource Shutdown or Release
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://github.com/axiomatic-systems/Bento4/issues/792 | Issue Tracking | |
| https://vuldb.com/?id.212681 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/axiomatic-systems/Bento4/files/9727048/POC_mp4decrypt_34393864.zip | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|