Heap Buffer Overflow Vulnerability in GPAC by GPAC Project
CVE-2023-46932

9.8CRITICAL

Key Information:

Vendor: Gpac
Status: Gpac
Vendor: CVE Published:; 9 December 2023

What is CVE-2023-46932?

A heap buffer overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master allows attackers to exploit the str2ulong class within the src/media_tools/avilib.c file. This flaw could lead to arbitrary code execution, potentially giving attackers control over affected systems and causing denial of service. It is crucial to apply appropriate security measures to mitigate risks associated with this vulnerability.

References

https://github.com/gpac/gpac/issues/2669

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2023
Vulnerability Reserved
Oct 30, 2023

Gpac

What is CVE-2023-46932?

References

CVSS V3.1

Timeline