CVE-2019-11221

Published: 15/04/2019 Updated: 10/05/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A vulnerability in GPAC could allow an unauthenticated, remote malicious user to trigger a buffer overflow condition on a targeted system. The vulnerability is due to insufficient checks in the gf_import_message function, as defined in the media_import.c source code file of the affected software. An attacker could exploit this vulnerability by sending a crafted SubRip Subtitle (SRT) file to the affected software. A successful exploit could allow the malicious user to cause a buffer overflow condition on the targeted system, which could be used to gain access to sensitive information, modify files on the system or cause a denial of service (DoS) condition. GPAC has not confirmed this vulnerability and software updates are not available; however, third-party announcements are available. Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

Vulnerable Products

gpac gpac 0.7.1

debian debian linux 8.0

Vendor Advisories

Debian Bug report logs - #926961 gpac: CVE-2019-11222: Buffer-overflow in gf_bin128_parse Package: src:gpac; Maintainer for src:gpac is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 12 Apr 2019 20:21:02 UTC Severity: important Tags ...
Debian Bug report logs - #926963 gpac: CVE-2019-11221: buffer-overflow issue in gf_import_message() in media_import.c Package: src:gpac; Maintainer for src:gpac is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 12 Apr 2019 20:27:02 U ...