Lucene search

[email protected]CVE-2020-16158

HistoryOct 19, 2020 - 6:15 p.m.

CVE-2020-16158

2020-10-1918:15:12

CWE-787

[email protected]

web.nvd.nist.gov

cve-2020-16158

gopro

gpmf-parser

stack out-of-bounds write

vulnerability

nvd

code execution

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.1%

JSON

GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Parsing malicious input can result in a crash or potentially arbitrary code execution.

Affected configurations

NVD

Node

goprogpmf-parserRange≤1.5

CPENameOperatorVersion
gopro:gpmf-parsergopro gpmf-parserle1.5

CPE	Name	Operator	Version
gopro:gpmf-parser	gopro gpmf-parser	le	1.5

References

blog.inhq.net/posts/gopro-gpmf-parser-vuln-1/

github.com/gopro/gpmf-parser/blob/2cc0af7ffee6f12934e2d57750bdf292f62b0a97/GPMF_parser.c#L950-L954

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.1%

JSON

Related for CVE-2020-16158

nvd1 cvelist1 osv1 prion1