CVE-2023-0841Heap-based Buffer Overflow in Gpac

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write16 documents4 sources
Severity
8.8HIGHNVD
OSV7.0
EPSS
0.9%
top 24.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GpacDebian Gpac
Timeline
PublishedFeb 15
Latest updateAug 2

Description

A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5gpac/gpac2.3-DEV-rev40-g3602a5ded
NVDgpac/gpac2.3-dev-rev40-g3602a5ded
debiandebian/gpac

🔴Vulnerability Details

14
OSV
linux-oem-6.5 vulnerabilities2024-08-02
OSV
linux-aws-6.5, linux-lowlatency-hwe-6.5, linux-oracle-6.5, linux-starfive-6.5 vulnerabilities2024-07-19
OSV
linux-hwe-6.5 vulnerabilities2024-07-17
OSV
linux-azure-6.5, linux-gcp-6.5 vulnerabilities2024-07-16
OSV
linux, linux-gcp, linux-nvidia-6.5, linux-raspi vulnerabilities2024-07-12

📋Vendor Advisories

1
Debian
CVE-2023-0841: gpac - A vulnerability, which was classified as critical, has been found in GPAC 2.3-DE...2023
CVE-2023-0841 — Heap-based Buffer Overflow in Gpac | cvebase