CVE-2022-3663: Axiomatic Bento4 MP4fragment Ap4StsdAtom.cpp AP4_StsdAtom null pointer dereference
First published: Wed Oct 26 2022(Updated: )
A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. This issue affects the function AP4_StsdAtom of the file Ap4StsdAtom.cpp of the component MP4fragment. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212003.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Axiosys Bento4 | =1.6.0-639 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-3663?
CVE-2022-3663 has a severity rating of medium (5.5).
How does CVE-2022-3663 affect Axiomatic Bento4?
CVE-2022-3663 affects the function AP4_StsdAtom in the file Ap4StsdAtom.cpp of the MP4fragment component in Axiomatic Bento4.
How can CVE-2022-3663 be exploited?
CVE-2022-3663 can be exploited remotely by initiating the attack.
Is there a fix available for CVE-2022-3663?
Yes, a fix for CVE-2022-3663 is available. Please refer to the references for more information.
What is the Common Weakness Enumeration (CWE) ID for CVE-2022-3663?
CVE-2022-3663 is associated with CWE-476 (NULL Pointer Dereference) and CWE-404 (Improper Resource Shutdown or Release).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/title
- agent/author
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/axiosys
- canonical/axiosys bento4
- version/axiosys bento4/1.6.0-639