Home > Vulnerability Database > CVE-2022-3667

Mend.io Vulnerability Database

CVE-2022-3667

Date: October 25, 2022

A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212007.

Language: C++

Severity Score

7.3

Related Resources (5)

Url: https://github.com/17ssDP/fuzzer_crashes/blob/main/Bento4/mp42aac-hbo-01

Url: https://vuldb.com/?id.212007

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-3667

Url: https://github.com/axiomatic-systems/Bento4/issues/789

Url: https://www.mend.io/vulnerability-database/CVE-2022-3667

Severity Score

7.3

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2022-3667

Date: October 25, 2022

Language: C++

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?