This issue could cause applications that rely on a memory allocation function to crash. A maliciously crafted media file using Bento4 v1.6.0-639 could potentially exploit this vulnerability to cause a denial of service. Bento4 v1.6.0-639 also contains a use-after-free flaw. An attacker could leverage this issue to execute arbitrary code on the affected system. Bento4 v1.6.0-639 installs a malicious module that could potentially exploit this issue. Bento4 v1.6.0-639 has an XSS flaw that could be exploited by attackers to inject code into a vulnerable application.

Bento4 v1.6.0-848

This issue could cause applications that rely on a memory allocation function to crash. A maliciously crafted media file using Bento4 v1.6.0-848 could potentially exploit this vulnerability to cause a denial of service. Bento4 v1.6.0-848 also contains a use-after-free flaw. An attacker could leverage this issue to execute arbitrary code on the affected system. Bento4 v1.6.0-848 installs a malicious module that could potentially exploit this issue. Bento4 v1.6.0-848 has an XSS flaw that could be exploited by attackers to inject code into a vulnerable application.

Vulnerability Scoring

(10 point score)
CVSS:7.5 CVSS:3.0
The following CVSS scores are assigned to the main vulnerability in CVE-2022-41425:
Criticality Maximum CVSS:3.0
CVSS Base Score: 7.5
Exploitation Vector Maximum CVSS score: 8.8

Vulnerability overview

Bento4 v1.6.0-639 contains a use-after-free flaw and an XSS flaw that could be exploited by attackers to inject code into vulnerable applications.

Timeline

Published on: 10/03/2022 14:15:00 UTC
Last modified on: 10/05/2022 13:21:00 UTC

References