CVE-2022-4088419.10.2022, 18:15Bento4 1.6.0 has memory leaks via the mp4fragment.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST5.5 MEDIUMLOCALLOWNONECVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HmitreCNA------CVEADP------CISA-ADPADP5.5 MEDIUMLOCALLOWNONECVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HBase ScoreCVSS 3.xEPSS ScorePercentile: 22%VendorProductVersionaxiosysbento41.6.0𝑥= Vulnerable software versionsUbuntu ReleasesUbuntu ProductCodenamekodi-inputstream-adaptivenobleneeds-triagemanticignoredlunarignoredkineticignoredjammyneeds-triagefocaldnebionicdnexenialignoredtrustyignoredCommon Weakness EnumerationCWE-401 - Missing Release of Memory after Effective LifetimeThe software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.Referenceshttps://github.com/axiomatic-systems/Bento4/issues/759https://github.com/yangfar/CVE/blob/main/CVE-2022-40884.mdhttps://github.com/axiomatic-systems/Bento4/issues/759https://github.com/yangfar/CVE/blob/main/CVE-2022-40884.mdhttps://github.com/yangfar/CVE/blob/main/CVE-2022-40884.md
