Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-3814
CVE-2022-3814:
NixOS vulnerability analysis and mitigation
Overview
A vulnerability classified as problematic was found in Axiomatic Bento4 affecting the mp4decrypt component. The vulnerability (CVE-2022-3814) leads to memory leaks that can be initiated remotely. The exploit has been disclosed to the public and may be used (GitHub Issue).
Technical details
The vulnerability manifests as memory leaks in the mp4decrypt component when processing MP4 files. The issue occurs in multiple functions including AP4AtomFactory::CreateAtomFromStream and AP4Processor::Process. Analysis shows direct leaks of 88 bytes and 48 bytes in separate objects, as well as indirect leaks of 192 bytes, totaling 328 bytes in three allocations (GitHub Issue).
Impact
The vulnerability can lead to memory leaks when processing MP4 files, potentially causing resource exhaustion and denial of service conditions in systems using the affected component (GitHub Issue).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management