Vulnerability Details : CVE-2022-3817
A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mp4mux. The manipulation leads to memory leak. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212683.
Products affected by CVE-2022-3817
- cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3817
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-3817
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
2.8
|
1.4
|
VulDB | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2022-3817
-
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.Assigned by: cna@vuldb.com (Primary)
-
The product does not release or incorrectly releases a resource before it is made available for re-use.Assigned by: cna@vuldb.com (Primary)
References for CVE-2022-3817
-
https://github.com/axiomatic-systems/Bento4/files/9727057/POC_mp4mux_1729452038.zip
Exploit;Third Party Advisory
-
https://github.com/axiomatic-systems/Bento4/issues/792
Some Memory leaks exist in mp4xx · Issue #792 · axiomatic-systems/Bento4 · GitHubIssue Tracking;Third Party Advisory
-
https://vuldb.com/?id.212683
CVE-2022-3817 | Axiomatic Bento4 mp4mux memory leak (ID 792)Third Party Advisory
Jump to