admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2022-3662 - CVE-2022-3670

Browse Source
This commit is contained in:
Marc Ruef 2022-10-26 20:21:35 +02:00 committed by GitHub
parent b79f316069
commit ad61fbcf53
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 549 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
2022/3xxx/CVE-2022-3662.json
View File

@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3662",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 mp42hls Ap4Sample.h GetOffset use after free",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Memory Corruption -> CWE-416 Use After Free"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212002 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "7.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/issues\/802"
},
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/files\/9817606\/mp42hls_cuaf_Ap4Sample99.zip"
},
{
"url": "https:\/\/vuldb.com\/?id.212002"
}
]
}

64
2022/3xxx/CVE-2022-3663.json
View File

@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 MP4fragment Ap4StsdAtom.cpp AP4_StsdAtom null pointer dereference",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service -> CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. This issue affects the function AP4_StsdAtom of the file Ap4StsdAtom.cpp of the component MP4fragment. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212003."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/issues\/800"
},
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/files\/9817303\/mp4fragment_npd_Ap4StsdAtom.cpp75.zip"
},
{
"url": "https:\/\/vuldb.com\/?id.212003"
}
]
}

64
2022/3xxx/CVE-2022-3664.json
View File

@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3664",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 avcinfo Ap4BitStream.cpp WriteBytes heap-based overflow",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Memory Corruption -> CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in Axiomatic Bento4. Affected is the function AP4_BitStream::WriteBytes of the file Ap4BitStream.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212004."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "7.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/issues\/794"
},
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/files\/9746288\/avcinfo_poc1.zip"
},
{
"url": "https:\/\/vuldb.com\/?id.212004"
}
]
}

64
2022/3xxx/CVE-2022-3665.json
View File

@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3665",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 avcinfo AvcInfo.cpp heap-based overflow",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Memory Corruption -> CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "7.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/issues\/794"
},
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/files\/9746311\/avcinfo_poc2.zip"
},
{
"url": "https:\/\/vuldb.com\/?id.212005"
}
]
}

64
2022/3xxx/CVE-2022-3666.json
View File

@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3666",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 mp42ts Ap4LinearReader.cpp Advance use after free",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Memory Corruption -> CWE-416 Use After Free"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212006 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "7.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/issues\/793"
},
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/files\/9744391\/mp42ts_poc.zip"
},
{
"url": "https:\/\/vuldb.com\/?id.212006"
}
]
}

64
2022/3xxx/CVE-2022-3667.json
View File

@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 mp42aac Ap4ByteStream.cpp WritePartial heap-based overflow",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Memory Corruption -> CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212007."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "7.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/issues\/789"
},
{
"url": "https:\/\/github.com\/17ssDP\/fuzzer_crashes\/blob\/main\/Bento4\/mp42aac-hbo-01"
},
{
"url": "https:\/\/vuldb.com\/?id.212007"
}
]
}

64
2022/3xxx/CVE-2022-3668.json
View File

@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3668",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 mp4edit CreateAtomFromStream memory leak",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service -> CWE-401 Memory Leak"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212008."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/issues\/776"
},
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/files\/9640968\/Bug_1_POC.zip"
},
{
"url": "https:\/\/vuldb.com\/?id.212008"
}
]
}

64
2022/3xxx/CVE-2022-3669.json
View File

@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 mp4edit Create memory leak",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service -> CWE-401 Memory Leak"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Axiomatic Bento4 and classified as problematic. This issue affects the function AP4_AvccAtom::Create of the component mp4edit. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212009 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/issues\/776"
},
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/files\/9675042\/Bug_2_POC.zip"
},
{
"url": "https:\/\/vuldb.com\/?id.212009"
}
]
}

64
2022/3xxx/CVE-2022-3670.json
View File

@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3670",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 mp42hevc WriteSample heap-based overflow",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Memory Corruption -> CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212010 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "7.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/issues\/776"
},
{
"url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/files\/9675049\/Bug_3_POC.zip"
},
{
"url": "https:\/\/vuldb.com\/?id.212010"
}
]
}