Lucene search
HistoryJan 10, 2024 - 9:15 a.m.
CVE-2023-50120
mp4box gpac version
infinite loop vulnerability
av1_uvlc function
dos
crafted mp4 file
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
0
Percentile
12.7%
MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
Affected configurations
Node
gpacgpacMatch2.3dev
References
Related
debiancve
debiancve
CVE-2023-50120
2024-01-10 09:15:44
prion
prion
Design/Logic Flaw
2024-01-10 09:15:00
cvelist
cvelist
CVE-2023-50120
2024-01-10 00:00:00
ubuntucve
ubuntucve
CVE-2023-50120
2024-01-10 00:00:00
cve
cve
CVE-2023-50120
2024-01-10 09:15:44
osv
osv
CVE-2023-50120
2024-01-10 09:15:44
veracode
veracode
Denial Of Service (DoS)
2024-01-11 07:45:57
redos
redos
ROS-20240807-06
2024-08-07 00:00:00
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
0
Percentile
12.7%
Related for NVD:CVE-2023-50120