Lucene search

Veracode Vulnerability DatabaseVERACODE:45191

HistoryJan 29, 2024 - 8:59 a.m.

Buffer Overflow

2024-01-2908:59:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

buffer overflow

libgpac.so

size validation

compressor_name

arbitrary size

software

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.5%

JSON

libgpac.so is vulnerable to Buffer overflow. The vulnerability is due to a lack of size validation for the compressor_name parameter within the gf_isom_new_generic_sample_description function. An attacker can enter an arbitrary size which leads to buffer overflow.

CPENameOperatorVersion
libgpac.sole10.1.0
libgpac.sole10.1.0

CPE	Name	Operator	Version
	libgpac.so	le	10.1.0
	libgpac.so	le	10.1.0

References

github.com/gpac/gpac/commit/7aef8038c6bdd310e65000704e39afaa0e721048

github.com/gpac/gpac/issues/2713

github.com/hanxuer/crashes/blob/main/gapc/01/readme.md

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.5%

JSON

Related for VERACODE:45191