Published: 25/04/2022 Updated: 27/06/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gpac gpac 2.0.0
debian debian linux 11.0

Debian Bug report logs - #1016443 gpac: CVE-2022-29339 CVE-2022-29340 CVE-2022-29537 CVE-2022-30976 CVE-2022-1035 CVE-2022-1172 CVE-2022-1222 CVE-2022-1441 CVE-2022-1795 Package: src:gpac; Maintainer for src:gpac is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inu ...

Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code For the stable distribution (bullseye), these problems have been fixed in version 101+dfsg1-4+deb11u2 We recommend that you upgrade your gpac packages For the detailed security status of gpac please re ...

CWE-125 https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb https://github.com/gpac/gpac/issues/2175 https://www.debian.org/security/2023/dsa-5411 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016443 https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5411

CVE-2022-1441

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect