Vulnerability Details : CVE-2022-3813
A vulnerability classified as problematic has been found in Axiomatic Bento4. This affects an unknown part of the component mp4edit. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212679.
Products affected by CVE-2022-3813
- cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3813
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-3813
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
2.8
|
1.4
|
VulDB | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2022-3813
-
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.Assigned by: cna@vuldb.com (Primary)
-
The product does not release or incorrectly releases a resource before it is made available for re-use.Assigned by: cna@vuldb.com (Primary)
References for CVE-2022-3813
-
https://github.com/axiomatic-systems/Bento4/issues/792
Some Memory leaks exist in mp4xx · Issue #792 · axiomatic-systems/Bento4 · GitHubThird Party Advisory
-
https://vuldb.com/?id.212679
CVE-2022-3813 | Axiomatic Bento4 mp4edit memory leak (ID 792)Third Party Advisory
-
https://github.com/axiomatic-systems/Bento4/files/9726974/POC_mp4edit_728838793.zip
Third Party Advisory
Jump to