CVE-2022-43033: Use After Free
First published: Wed Oct 19 2022(Updated: )
An issue was discovered in Bento4 1.6.0-639. There is a bad free in the component AP4_HdlrAtom::~AP4_HdlrAtom() which allows attackers to cause a Denial of Service (DoS) via a crafted input.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Axiosys Bento4 | =1.6.0-639 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-43033?
CVE-2022-43033 is a vulnerability discovered in Bento4 1.6.0-639 that allows attackers to cause a Denial of Service (DoS) via a crafted input.
How severe is CVE-2022-43033?
CVE-2022-43033 has a severity rating of 6.5 (Medium).
Which software versions are affected by CVE-2022-43033?
Bento4 1.6.0-639 is affected by CVE-2022-43033.
How can the bad free vulnerability in Bento4 be exploited?
This vulnerability can be exploited by attackers through a crafted input to cause a Denial of Service (DoS).
Is there a fix available for CVE-2022-43033?
Currently, there is no available fix for CVE-2022-43033. It is recommended to follow the vendor's advisory for any updates or patches.
- collector/nvd-index
- vendor/axiosys
- canonical/axiosys bento4
- version/axiosys bento4/1.6.0-639