CVE-2023-1448 — Heap-based Buffer Overflow in Gpac

CWE-122 — Heap-based Buffer Overflow4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 85.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gpac Debian Gpac

Timeline

PublishedMar 17

Description

A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223293 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/gpac< gpac 1.0.1+dfsg1-4+deb11u2 (bullseye)

▶Debiangpac/gpac< 1.0.1+dfsg1-4+deb11u2

▶CVEListV5gpac/gpac2.3-DEV-rev35-gbbca86917-master

▶NVDgpac/gpac2.3

🔴Vulnerability Details

OSV

CVE-2023-1448: A vulnerability, which was classified as problematic, was found in GPAC 2↗2023-03-17

▶

GHSA

GHSA-cxc6-7754-2grf: A vulnerability, which was classified as problematic, was found in GPAC 2↗2023-03-17

▶

📋Vendor Advisories

Debian

CVE-2023-1448: gpac - A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-...↗2023

▶