Out-of-bounds Read in gpac/gpac
CVE-2023-5377

7.1HIGH

Key Information:

Vendor: gpac
Status: gpac/gpac
Vendor: CVE Published:; 4 October 2023

What is CVE-2023-5377?

An out-of-bounds read vulnerability exists in the GPAC multimedia containers framework, affecting versions prior to 2.2.2-DEV. This flaw can potentially allow an attacker to read memory beyond the intended buffer, leading to information disclosure and other vulnerabilities if exploited. Users are urged to upgrade to the latest version to mitigate risks. For more details, visit the Huntr bounty page and the GitHub commit.

Affected Version(s)

gpac/gpac < unspecified

References

https://huntr.dev/bounties/fe778df4-3867-41d6-954b-211c81...

https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c46...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2023
Vulnerability Reserved
Oct 4, 2023