Lucene search

GoogleOSV:CVE-2022-47658

HistoryJan 05, 2023 - 4:15 p.m.

CVE-2022-47658

2023-01-0516:15:10

Google

osv.dev

gpac mp4box buffer overflow

vulnerability

gf_hevc_read_vps_bs_internal

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

31.1%

JSON

GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039

CPENameOperatorVersion
gpaceq0.9.0-preview
gpaceq0.7.1
gpaceq2.0.0
gpaceq0.8.0
gpaceq1.0.1
gpaceq1.0.0
gpaceq0.6.1
gpaceq0.6.0
gpaceq0.9.0
gpaceq0.7.0

Name	Operator	Version
gpac	eq	0.9.0-preview
gpac	eq	0.7.1
gpac	eq	2.0.0
gpac	eq	0.8.0
gpac	eq	1.0.1
gpac	eq	1.0.0
gpac	eq	0.6.1
gpac	eq	0.6.0
gpac	eq	0.9.0
gpac	eq	0.7.0

Rows per page:

1-10 of 111

References

github.com/gpac/gpac/issues/2356

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

31.1%

JSON

Related for OSV:CVE-2022-47658