Buffer Overflow Vulnerability in GPAC MP4Box Affects Multiple Versions
CVE-2018-1000100

7.8 HIGH

Key Information:

CVE Published: 6 March 2018

What is CVE-2018-1000100?

The GPAC MP4Box tool, specifically versions up to and including 0.7.1, is vulnerable to a buffer overflow in the avc_ext.c source file. This vulnerability allows an attacker to craft a malicious MP4 file that, when processed by an unsuspecting user, can lead to modification of heap chunks. If successfully exploited, this may enable remote code execution on the victim's system. Users are advised to avoid processing untrusted MP4 files and to apply patches as soon as they are available to mitigate potential risks.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
