CVE-2018-13005Out-of-bounds Read in Gpac

CWE-125Out-of-bounds Read5 documents5 sources
Severity
9.8CRITICALNVD
EPSS
0.6%
top 31.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
GpacDebian GpacCanonical Ubuntu Linux+1 more
Timeline
PublishedJun 29
Latest updateMay 14

Description

An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

debiandebian/gpac< gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bullseye)
Debiangpac/gpac< 0.5.2-426-gc5ad4e4+dfsg5-4.1
NVDgpac/gpac0.7.1

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04, 18.10

🔴Vulnerability Details

2
GHSA
GHSA-r5x3-q74r-h7hq: An issue was discovered in MP4Box in GPAC 02022-05-14
OSV
CVE-2018-13005: An issue was discovered in MP4Box in GPAC 02018-06-29

📋Vendor Advisories

2
Ubuntu
GPAC vulnerabilities2019-03-29
Debian
CVE-2018-13005: gpac - An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomed...2018
CVE-2018-13005 — Out-of-bounds Read in Debian Gpac | cvebase