CVE-2024-6063 — NULL Pointer Dereference in Gpac

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 88.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gpac Debian Gpac

Timeline

PublishedJun 17

Description

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8767ed0a77c4b02287db3723e92c2169f67c85d5. It is recommended to apply a patch to fix this issue. The associated identi…

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5gpac/gpac2.5-DEV-rev228-g11067ea92-master

▶NVDgpac/gpac2.5-dev-rev288-g11067ea92-master

▶debiandebian/gpac

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-xh4q-h4wh-8q8p: A vulnerability was found in GPAC 2↗2024-06-17

▶

OSV

CVE-2024-6063: A vulnerability was found in GPAC 2↗2024-06-17

▶

📋Vendor Advisories

Debian

CVE-2024-6063: gpac - A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been ...↗2024

▶