Vulnerability Details CVE-2022-4584
A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216170 is the identifier assigned to this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.9%
CVSS Severity
CVSS v3 Score 6.3
CVSS v2 Score 7.5
References
- https://github.com/axiomatic-systems/Bento4/files/10095915/POC2.tar.gz
- https://github.com/axiomatic-systems/Bento4/issues/818
- https://vuldb.com/?ctiid.216170
- https://vuldb.com/?id.216170
- https://github.com/axiomatic-systems/Bento4/files/10095915/POC2.tar.gz
- https://github.com/axiomatic-systems/Bento4/issues/818
- https://vuldb.com/?ctiid.216170
- https://vuldb.com/?id.216170
Products affected by CVE-2022-4584
-
cpe:2.3:a:axiosys:bento4:-
-
cpe:2.3:a:axiosys:bento4:1.2
-
cpe:2.3:a:axiosys:bento4:1.4.2-584
-
cpe:2.3:a:axiosys:bento4:1.4.2-586
-
cpe:2.3:a:axiosys:bento4:1.4.2-587
-
cpe:2.3:a:axiosys:bento4:1.4.2-588
-
cpe:2.3:a:axiosys:bento4:1.4.2-589
-
cpe:2.3:a:axiosys:bento4:1.4.2-590
-
cpe:2.3:a:axiosys:bento4:1.4.2-591
-
cpe:2.3:a:axiosys:bento4:1.4.2-592
-
cpe:2.3:a:axiosys:bento4:1.4.2-593
-
cpe:2.3:a:axiosys:bento4:1.4.2-594
-
cpe:2.3:a:axiosys:bento4:1.4.3-595
-
cpe:2.3:a:axiosys:bento4:1.4.3-596
-
cpe:2.3:a:axiosys:bento4:1.4.3-597
-
cpe:2.3:a:axiosys:bento4:1.4.3-598
-
cpe:2.3:a:axiosys:bento4:1.4.3-599
-
cpe:2.3:a:axiosys:bento4:1.4.3-600
-
cpe:2.3:a:axiosys:bento4:1.4.3-601
-
cpe:2.3:a:axiosys:bento4:1.4.3-602
-
cpe:2.3:a:axiosys:bento4:1.4.3-603
-
cpe:2.3:a:axiosys:bento4:1.4.3-604
-
cpe:2.3:a:axiosys:bento4:1.4.3-605
-
cpe:2.3:a:axiosys:bento4:1.4.3-606
-
cpe:2.3:a:axiosys:bento4:1.4.3-607
-
cpe:2.3:a:axiosys:bento4:1.4.3-608
-
cpe:2.3:a:axiosys:bento4:1.5.0-609
-
cpe:2.3:a:axiosys:bento4:1.5.0-610
-
cpe:2.3:a:axiosys:bento4:1.5.0-611
-
cpe:2.3:a:axiosys:bento4:1.5.0-612
-
cpe:2.3:a:axiosys:bento4:1.5.0-613
-
cpe:2.3:a:axiosys:bento4:1.5.0-614
-
cpe:2.3:a:axiosys:bento4:1.5.0-615
-
cpe:2.3:a:axiosys:bento4:1.5.0-616
-
cpe:2.3:a:axiosys:bento4:1.5.0-617
-
cpe:2.3:a:axiosys:bento4:1.5.0-618
-
cpe:2.3:a:axiosys:bento4:1.5.0-619
-
cpe:2.3:a:axiosys:bento4:1.5.1-620
-
cpe:2.3:a:axiosys:bento4:1.5.1-621
-
cpe:2.3:a:axiosys:bento4:1.5.1-622
-
cpe:2.3:a:axiosys:bento4:1.5.1-623
-
cpe:2.3:a:axiosys:bento4:1.5.1-624
-
cpe:2.3:a:axiosys:bento4:1.5.1-627
-
cpe:2.3:a:axiosys:bento4:1.5.1-628
-
cpe:2.3:a:axiosys:bento4:1.5.1-629
-
cpe:2.3:a:axiosys:bento4:1.5.1.0
-
cpe:2.3:a:axiosys:bento4:1.6.0
-
cpe:2.3:a:axiosys:bento4:1.6.0-630
-
cpe:2.3:a:axiosys:bento4:1.6.0-633
-
cpe:2.3:a:axiosys:bento4:1.6.0-634
-
cpe:2.3:a:axiosys:bento4:1.6.0-635
-
cpe:2.3:a:axiosys:bento4:1.6.0-636
-
cpe:2.3:a:axiosys:bento4:1.6.0-637
-
cpe:2.3:a:axiosys:bento4:1.6.0-638
-
cpe:2.3:a:axiosys:bento4:1.6.0-639