CVE-2022-3784

Name of the Vulnerable Software and Affected Versions Axiomatic Bento4 version 5e7bb34

Description A critical issue was found in the function AP4 Mp4AudioDsiParser::ReadBits of the file Ap4Mp4AudioInfo.cpp, which is part of the mp4hls component. This issue leads to a heap-based buffer overflow. The attack can be launched remotely.

Recommendations For version 5e7bb34, as a temporary workaround, consider disabling the AP4 Mp4AudioDsiParser::ReadBits function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.