Lucene search

Veracode Vulnerability DatabaseVERACODE:44608

HistoryDec 08, 2023 - 9:16 a.m.

Denial Of Service (DoS)

2023-12-0809:16:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libgpac.so

vulnerability

memory leak

gf_mpd_resolve_url

remote attackers

denial of service conditions

media_tools/mpd.c

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

libgpac.so is vulnerable to Denial of Service (DoS). The vulnerability occurs due to a memory leak, which exists in gf_mpd_resolve_url function of media_tools/mpd.c, allowing remote attackers to cause denial of service conditions.

CPENameOperatorVersion
libgpac.sole10.1.0
libgpac.sole10.1.0

CPE	Name	Operator	Version
	libgpac.so	le	10.1.0
	libgpac.so	le	10.1.0

References

gist.github.com/dr0v/1204f7a5f1e1497e7bca066638acfbf5

github.com/advisories/GHSA-7884-jhm8-9h7h

github.com/gpac/gpac/commit/249c9fc18704e6d3cb6a4b173034a41aa570e7e4

github.com/gpac/gpac/issues/2689

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for VERACODE:44608