Vulnerability Details : CVE-2022-3815
A vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212681 was assigned to this vulnerability.
Products affected by CVE-2022-3815
- cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3815
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-3815
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
2.8
|
1.4
|
VulDB | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2022-3815
-
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.Assigned by: cna@vuldb.com (Primary)
-
The product does not release or incorrectly releases a resource before it is made available for re-use.Assigned by: cna@vuldb.com (Primary)
References for CVE-2022-3815
-
https://github.com/axiomatic-systems/Bento4/issues/792
Some Memory leaks exist in mp4xx · Issue #792 · axiomatic-systems/Bento4 · GitHubIssue Tracking;Third Party Advisory
-
https://github.com/axiomatic-systems/Bento4/files/9727048/POC_mp4decrypt_34393864.zip
Exploit;Third Party Advisory
-
https://vuldb.com/?id.212681
CVE-2022-3815 | Axiomatic Bento4 mp4decrypt memory leak (ID 792)Third Party Advisory
Jump to