{"cve":{"cve_id":"CVE-2022-3815","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00771,"epss_percentile":0.50855,"epss_as_of":"2026-06-23","description":"A vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212681 was assigned to this vulnerability.","published_at":"2022-11-01T00:00:00Z","last_modified_at":null,"cvss_v3_score":4.3,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"poc","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-404"],"nvd_references":["https://github.com/axiomatic-systems/Bento4/issues/792","https://github.com/axiomatic-systems/Bento4/files/9727048/POC_mp4decrypt_34393864.zip","https://vuldb.com/?id.212681"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:17:16.187107Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"N","value_label":"None"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"L","value_label":"Low"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"axiomatic","vendor_name":"Axiomatic","product_slug":"bento4","product_name":"Bento4","version_start":"n/a","version_start_inclusive":true,"version_end":"n/a","version_end_inclusive":true,"cpe23_uri":"cve5:axiomatic:bento4:n/a:n/a"}],"exploit_refs":[],"news":[],"references":[{"url":"https://github.com/axiomatic-systems/Bento4/issues/792","source_type":"MISC","tags":[]},{"url":"https://github.com/axiomatic-systems/Bento4/files/9727048/POC_mp4decrypt_34393864.zip","source_type":"MISC","tags":[]},{"url":"https://vuldb.com/?id.212681","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2022-11-01T00:00:00Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:23:44.320163Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:23:44.320163Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:23:44.320163Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:17:16.187107Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:17:16.187107Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:17:16.187107Z","label":"SSVC decision revised","source":"vulnrichment"}]}