Out-of-bounds Read in gpac/gpac
CVE-2023-5520

7.7HIGH

Key Information:

Vendor: Gpac
Status: Gpac/gpac
Vendor: CVE Published:; 11 October 2023

What is CVE-2023-5520?

An out-of-bounds read vulnerability in the GPAC multimedia framework prior to version 2.2.2 can potentially allow an attacker to read memory locations that they should not have access to, possibly leading to information disclosure or program crashes. This security flaw arises in scenarios where input is not properly validated, highlighting the importance of rigorous input handling. Users are advised to update to version 2.2.2 or later to mitigate risks associated with this vulnerability.

Affected Version(s)

gpac/gpac < 2.2.2

References

https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f7...

https://github.com/gpac/gpac/commit/5692dc729491805e0e5f5...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2023
Vulnerability Reserved
Oct 11, 2023

Gpac

What is CVE-2023-5520?

Affected Version(s)

References

CVSS V3.1

Timeline