CVE-2022-43032

Published: Oct 19, 2022Modified: May 8, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42aac.

Affected (1)

Products: Axiosys: Bento4

Axiosys

1 product

Bento4

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Axiosys Bento4	Version 1.6.0-639

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (2)

https://github.com/axiomatic-systems/Bento4/issues/763

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/axiomatic-systems/Bento4/issues/763

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.