CVE-2022-3668: Axiomatic Bento4 mp4edit CreateAtomFromStream memory leak
First published: Wed Oct 26 2022(Updated: )
A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212008.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Axiosys Bento4 | =1.6.0-639 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-3668?
The severity of CVE-2022-3668 is medium.
Which software is affected by CVE-2022-3668?
The affected software is Axiosys Bento4 version 1.6.0-639.
What is the vulnerability description of CVE-2022-3668?
CVE-2022-3668 is a vulnerability in Axiomatic Bento4 that leads to a memory leak in the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. It can be exploited remotely.
How can CVE-2022-3668 be exploited?
CVE-2022-3668 can be exploited remotely.
Is there a fix available for CVE-2022-3668?
A fix for CVE-2022-3668 is not mentioned in the provided references. Please refer to the software vendor for any available patches or updates.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/last-modified-date
- agent/author
- agent/severity
- agent/first-publish-date
- agent/tags
- agent/event
- agent/description
- vendor/axiosys
- canonical/axiosys bento4
- version/axiosys bento4/1.6.0-639