CVE-2022-3663

Published: Oct 26, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. This issue affects the function AP4_StsdAtom of the file Ap4StsdAtom.cpp of the component MP4fragment. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212003.

Affected (1)

Products: Axiosys: Bento4

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Axiosys Bento4	Version 1.6.0-639

Related CWEs

Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (6)

https://github.com/axiomatic-systems/Bento4/files/9817303/mp4fragment_npd_Ap4StsdAtom.cpp75.zip

Source: cna@vuldb.com

ExploitThird Party Advisory

https://github.com/axiomatic-systems/Bento4/issues/800

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?id.212003

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://github.com/axiomatic-systems/Bento4/files/9817303/mp4fragment_npd_Ap4StsdAtom.cpp75.zip

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/axiomatic-systems/Bento4/issues/800

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vuldb.com/?id.212003

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.