Buffer Overflow Vulnerability in GPAC MP4Box by GPAC
CVE-2023-46001

5.5MEDIUM

Key Information:

Vendor: Gpac
Status: Gpac
Vendor: CVE Published:; 7 November 2023

What is CVE-2023-46001?

A buffer overflow vulnerability exists in GPAC's MP4Box version 2.3-DEV-rev573-g201320819-master, specifically in the gf_isom_get_user_data function located in the isom_read.c file. This flaw can be exploited by a local attacker to cause a denial of service, potentially disrupting the functionality of the application. Users of GPAC MP4Box should be aware of this vulnerability and consider applying the latest updates to mitigate any risks associated with it.

References

https://github.com/gpac/gpac/issues/2629

https://github.com/gpac/gpac/commit/e79b0cf7e72404750630b...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Oct 16, 2023

Gpac

What is CVE-2023-46001?

References

CVSS V3.1

Timeline