CVE-2024-6062 — NULL Pointer Dereference in Gpac

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 88.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gpac Debian Gpac

Timeline

PublishedJun 17

Description

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 31e499d310a48bd17c8b055a0bfe0fe35887a7cd. It is recommended to apply a patch to fix this issue.…

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5gpac/gpac2.5-DEV-rev228-g11067ea92-master

▶NVDgpac/gpac2.5-dev-rev288-g11067ea92-master

▶debiandebian/gpac

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2024-6062: A vulnerability was found in GPAC 2↗2024-06-17

▶

GHSA

GHSA-qw32-4rhp-3985: A vulnerability was found in GPAC 2↗2024-06-17

▶

📋Vendor Advisories

Debian

CVE-2024-6062: gpac - A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classifie...↗2024

▶