CVE-2018-20761Improper Restriction of Operations within the Bounds of a Memory Buffer in Gpac

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 56.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
GpacDebian GpacGpac Project Gpac+2 more
Timeline
PublishedFeb 6
Latest updateMay 14

Description

GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/gpac< gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bullseye)
Debiangpac/gpac< 0.5.2-426-gc5ad4e4+dfsg5-4.1

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04, 18.10

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-7vg9-jpp6-29qg: GPAC version 02022-05-14
OSV
CVE-2018-20761: GPAC version 02019-02-06

📋Vendor Advisories

2
Ubuntu
GPAC vulnerabilities2019-03-29
Debian
CVE-2018-20761: gpac - GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_...2018
CVE-2018-20761 — Debian Gpac vulnerability | cvebase