Denial of Service Vulnerability in GPAC Product by GPAC
CVE-2023-46929

7.5HIGH

Key Information:

Vendor: GPAC
Status: Gpac
Vendor: CVE Published:; 3 January 2024

What is CVE-2023-46929?

A vulnerability exists within the GPAC media framework's MP4Box component that allows an attacker to initiate a denial of service condition. The flaw is located in the gf_avc_change_vui function in the av_parsers.c file, specifically at line 6872. By crafting malicious input, an attacker can exploit this vulnerability, causing the application to crash, thereby disrupting its service and affecting users dependent on its operations. Prompt remediation is advisable to maintain system stability.

References

https://github.com/gpac/gpac/issues/2662

https://github.com/gpac/gpac/commit/4248def5d24325aeb0e35...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 3, 2024
Vulnerability Reserved
Oct 30, 2023