CVE-2023-0841

high

Description

A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.

References

https://vuldb.com/?id.221087

https://vuldb.com/?ctiid.221087

https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3

https://github.com/gpac/gpac/releases/tag/v2.2.1

https://github.com/gpac/gpac/issues/2396

https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4

https://github.com/advisories/GHSA-w52x-cp47-xhhw

Details

Source: Mitre, NVD

Published: 2023-02-15

Updated: 2024-05-28

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High