Vulnerability Details: CVE-2022-3816
A vulnerability, which was classified as problematic, was found in Axiomatic Bento4. Affected is an unknown function of the component mp4decrypt. The manipulation leads to memory leak. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212682 is the identifier assigned to this vulnerability.
Products affected by CVE-2022-3816
- cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3816
- EPSS score: 0.14% (probability of exploitation activity in the next 30 days)
- Percentile: ~50% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-3816
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 2.8 | 1.4 | VulDB | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2022-3816
- The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. Assigned by: cna@vuldb.com (Primary)
- The product does not release or incorrectly releases a resource before it is made available for re-use. Assigned by: cna@vuldb.com (Primary)
References for CVE-2022-3816
- https://github.com/axiomatic-systems/Bento4/issues/792
  Some Memory leaks exist in mp4xx · Issue #792 · axiomatic-systems/Bento4 · GitHub (Issue Tracking; Third Party Advisory)
- https://vuldb.com/?id.212682
  CVE-2022-3816 | Axiomatic Bento4 mp4decrypt memory leak (ID 792) (Third Party Advisory)
- https://github.com/axiomatic-systems/Bento4/files/9727059/POC_mp4decrypt_654515280.zip
  (Exploit; Third Party Advisory)