Heap-based Buffer Overflow in gpac/gpac
CVE-2023-1655

7.8HIGH

Key Information:

Vendor

Gpac

Status
Gpac/gpac
Vendor
CVE Published:
27 March 2023

What is CVE-2023-1655?

The heap-based buffer overflow vulnerability found in GPAC versions prior to 2.4.0 allows an attacker to manipulate memory allocation, potentially leading to arbitrary code execution or system corruption. This issue arises from improper handling of data, necessitating immediate updates to mitigate risks associated with exploitation.

Affected Version(s)

gpac/gpac < 2.4.0

References

https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f7341...
https://github.com/gpac/gpac/commit/e7f96c2d3774e4ea25f95...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

CVSS V3.0

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.