Vulnerability Description
A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Axiosys | Bento4 | 1.6.0-639 |
Related Weaknesses (CWE)
References
- https://github.com/axiomatic-systems/Bento4/files/9746311/avcinfo_poc2.zipExploitThird Party Advisory
- https://github.com/axiomatic-systems/Bento4/issues/794ExploitThird Party Advisory
- https://vuldb.com/?id.212005Permissions RequiredThird Party Advisory
- https://github.com/axiomatic-systems/Bento4/files/9746311/avcinfo_poc2.zipExploitThird Party Advisory
- https://github.com/axiomatic-systems/Bento4/issues/794ExploitThird Party Advisory
- https://vuldb.com/?id.212005Permissions RequiredThird Party Advisory
FAQ
What is CVE-2022-3665?
CVE-2022-3665 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation lead...
How severe is CVE-2022-3665?
CVE-2022-3665 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-3665?
Check the references section above for vendor advisories and patch information. Affected products include: Axiosys Bento4.