Vulnerability Details : CVE-2022-3815
A vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212681 was assigned to this vulnerability.
Exploit prediction scoring system (EPSS) score for CVE-2022-3815
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 31 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-3815
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
2.8
|
1.4
|
cna@vuldb.com |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
nvd@nist.gov |
CWE ids for CVE-2022-3815
-
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.Assigned by: cna@vuldb.com (Primary)
-
The product does not release or incorrectly releases a resource before it is made available for re-use.Assigned by: cna@vuldb.com (Primary)
References for CVE-2022-3815
-
https://github.com/axiomatic-systems/Bento4/issues/792
Some Memory leaks exist in mp4xx · Issue #792 · axiomatic-systems/Bento4 · GitHubIssue Tracking;Third Party Advisory
-
https://github.com/axiomatic-systems/Bento4/files/9727048/POC_mp4decrypt_34393864.zip
Exploit;Third Party Advisory
-
https://vuldb.com/?id.212681
CVE-2022-3815 | Axiomatic Bento4 mp4decrypt memory leak (ID 792)Third Party Advisory
Products affected by CVE-2022-3815
- cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*