Heap-based Buffer Overflow Vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master Allows Remote Attackers to Execute Arbitrary Code and Cause Denial of Service (DoS)
CVE-2023-46426
Currently unrated
What is CVE-2023-46426?
GPAC contains a heap-based buffer overflow that remote attackers can exploit. The flaw is triggered in the gf_fwrite component in utils/os_file.c. Successful exploitation can lead to arbitrary code execution, allowing attackers to manipulate the application’s execution flow. The vulnerability can also result in a denial of service, compromising the availability and functionality of systems that rely on GPAC. Users of GPAC should prioritize patching and implement security measures to mitigate the risk from this vulnerability.