Out-of-Bounds Write Vulnerability in GPAC by GPAC Team
CVE-2018-20763

7.8HIGH

Key Information:

Vendor

Gpac Project

Status
Gpac
Vendor
CVE Published:
6 February 2019

What is CVE-2018-20763?

In GPAC versions 0.7.1 and earlier, there exists an out-of-bounds write vulnerability due to inadequate bounds checking in the gf_text_get_utf8_line function within media_tools/text_import.c of libgpac_static.a. This flaw could potentially allow attackers to manipulate memory allocation, leading to unpredictable behavior or corruption. It is essential for users of affected GPAC versions to apply available updates to mitigate potential security risks.

References

https://lists.debian.org/debian-lts-announce/2019/02/msg0...
mailing-listx_refsource_MLIST
https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb88...
x_refsource_MISC
https://github.com/gpac/gpac/issues/1188
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.