CVE-2018-13006Out-of-bounds Read in Gpac

CWE-125Out-of-bounds Read5 documents5 sources
Severity
9.8CRITICALNVD
EPSS
0.7%
top 28.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
GpacDebian GpacCanonical Ubuntu Linux+1 more
Timeline
PublishedJun 29
Latest updateMay 14

Description

An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

debiandebian/gpac< gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bullseye)
Debiangpac/gpac< 0.5.2-426-gc5ad4e4+dfsg5-4.1
NVDgpac/gpac0.7.1

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04, 18.10

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-gfc2-w5mh-qvh7: An issue was discovered in MP4Box in GPAC 02022-05-14
OSV
CVE-2018-13006: An issue was discovered in MP4Box in GPAC 02018-06-29

📋Vendor Advisories

2
Ubuntu
GPAC vulnerabilities2019-03-29
Debian
CVE-2018-13006: gpac - An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer ov...2018
CVE-2018-13006 — Out-of-bounds Read in Debian Gpac | cvebase