Segmentation Fault Vulnerability in GPAC MP4Box from GPAC
CVE-2024-50665

5.5MEDIUM

Key Information:

Vendor: GPAC
Status: GPAC MP4Box
Vendor: CVE Published:; 23 January 2025

What is CVE-2024-50665?

The GPAC MP4Box 2.4 version is susceptible to a segmentation fault within the file 'drm_sample.c'. This vulnerability occurs at line 1562 during the execution of the 'isom_cenc_get_sai_by_saiz_saio' function, potentially leading to unexpected behavior or crashes when processing specific media files. Affected users should take immediate action to mitigate the risk associated with this vulnerability as it can compromise the stability of applications relying on GPAC for MP4 file handling.

References

https://github.com/gpac/gpac/issues/2987

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Oct 28, 2024