CVE-2022-40438

Published: Sep 14, 2022Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Buffer overflow vulnerability in function AP4_MemoryByteStream::WritePartial in mp42aac in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file.

Affected (1)

Products: Axiosys: Bento4

Axiosys

1 product

Bento4

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Axiosys Bento4	Version 1.6.0-639

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://github.com/axiomatic-systems/Bento4/issues/751

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/axiomatic-systems/Bento4/issues/751

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.