Vulnerabilities > CVE-2022-4584 - Heap-based Buffer Overflow vulnerability in Axiosys Bento4

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

axiosys

CWE-122

NVD

Published: 2022-12-17

Updated: 2024-04-11

Summary

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216170 is the identifier assigned to this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Axiosys Axiosys Bento4 - Axiosys Bento4 1.2 Axiosys Bento4 1.4.2-584 Axiosys Bento4 1.4.2-586 Axiosys Bento4 1.4.2-587 Axiosys Bento4 1.4.2-588 Axiosys Bento4 1.4.2-589 Axiosys Bento4 1.4.2-590 Axiosys Bento4 1.4.2-591 Axiosys Bento4 1.4.2-592 Axiosys Bento4 1.4.2-593 Axiosys Bento4 1.4.2-594 Axiosys Bento4 1.4.3-595 Axiosys Bento4 1.4.3-596 Axiosys Bento4 1.4.3-597 Axiosys Bento4 1.4.3-598 Axiosys Bento4 1.4.3-599 Axiosys Bento4 1.4.3-600 Axiosys Bento4 1.4.3-601 Axiosys Bento4 1.4.3-602 Axiosys Bento4 1.4.3-603 Axiosys Bento4 1.4.3-604 Axiosys Bento4 1.4.3-605 Axiosys Bento4 1.4.3-606 Axiosys Bento4 1.4.3-607 Axiosys Bento4 1.4.3-608 Axiosys Bento4 1.5.0-609 Axiosys Bento4 1.5.0-610 Axiosys Bento4 1.5.0-611 Axiosys Bento4 1.5.0-612 Axiosys Bento4 1.5.0-613 Axiosys Bento4 1.5.0-614 Axiosys Bento4 1.5.0-615 Axiosys Bento4 1.5.0-616 Axiosys Bento4 1.5.0-617 Axiosys Bento4 1.5.0-618 Axiosys Bento4 1.5.0-619 Axiosys Bento4 1.5.1-620 Axiosys Bento4 1.5.1-621 Axiosys Bento4 1.5.1-622 Axiosys Bento4 1.5.1-623 Axiosys Bento4 1.5.1-624 Axiosys Bento4 1.5.1-627 Axiosys Bento4 1.5.1-628 Axiosys Bento4 1.5.1-629 Axiosys Bento4 1.5.1.0 Axiosys Bento4 1.6.0 Axiosys Bento4 1.6.0-630 Axiosys Bento4 1.6.0-633 Axiosys Bento4 1.6.0-634 Axiosys Bento4 1.6.0-635 Axiosys Bento4 1.6.0-636 Axiosys Bento4 1.6.0-637 Axiosys Bento4 1.6.0-638 Axiosys Bento4 1.6.0-639	55

Common Weakness Enumeration (CWE)

CWE-122 - Heap-based Buffer Overflow

Common Attack Pattern Enumeration and Classification (CAPEC)

Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References