Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-47089
HistoryJan 05, 2023 - 3:15 p.m.

CVE-2022-47089

2023-01-0515:15:10
Debian Security Bug Tracker
security-tracker.debian.org
7

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.9%

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c

OSVersionArchitecturePackageVersionFilename
Debian11allgpac< 1.0.1+dfsg1-4+deb11u3gpac_1.0.1+dfsg1-4+deb11u3_all.deb
Debian10allgpac< 0.5.2-426-gc5ad4e4+dfsg5-5gpac_0.5.2-426-gc5ad4e4+dfsg5-5_all.deb
Debian999allgpac< 2.2.1+dfsg1-2gpac_2.2.1+dfsg1-2_all.deb

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.9%

Related for DEBIANCVE:CVE-2022-47089