Heap Buffer Overflow in GPAC Affects Multiple Versions of MP4Box
CVE-2023-46927

5.5MEDIUM

Key Information:

Vendor: Gpac
Status: Gpac
Vendor: CVE Published:; 1 November 2023

What is CVE-2023-46927?

A heap buffer overflow vulnerability exists in GPAC's MP4Box component. This issue arises in the function gf_isom_use_compact_size located in isom_write.c. When handling certain media files, improper handling of memory allocation can lead to memory corruption, potentially allowing an attacker to execute arbitrary code or cause application crashes. Users of GPAC, especially those using MP4Box, are advised to apply necessary updates and monitor security channels for patches addressing this vulnerability.

References

https://github.com/gpac/gpac/issues/2657

https://github.com/gpac/gpac/commit/a7b467b151d9b54badbc4...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 1, 2023
Vulnerability Reserved
Oct 30, 2023

Gpac

What is CVE-2023-46927?

References

CVSS V3.1

Timeline