CVE-2022-3662: Axiomatic Bento4 mp42hls Ap4Sample.h GetOffset use after free
First published: Wed Oct 26 2022(Updated: )
A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212002 is the identifier assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Axiosys Bento4 | =1.6.0-639 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-3662?
The severity of CVE-2022-3662 is high.
How does CVE-2022-3662 affect Axiomatic Bento4?
CVE-2022-3662 affects Axiomatic Bento4 by leading to use after free in the GetOffset function of the mp42hls component.
Can CVE-2022-3662 be exploited remotely?
Yes, the attack for CVE-2022-3662 can be initiated remotely.
Is there a fix available for CVE-2022-3662?
It is recommended to update to a fixed version of Axiomatic Bento4.
What is the CWE classification for CVE-2022-3662?
CVE-2022-3662 is classified under CWE-416 (Use After Free) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer).
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/last-modified-date
- agent/author
- agent/severity
- agent/first-publish-date
- agent/tags
- agent/event
- agent/description
- vendor/axiosys
- canonical/axiosys bento4
- version/axiosys bento4/1.6.0-639