CVE-2023-46001

2023-11-0722:15:11

Google

osv.dev

buffer overflow

gpac mp4box

denial of service

vulnerability

local attacker

isom_read.c

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.

CPENameOperatorVersion
gpaceq0.7.0
gpaceq2.0.0
gpaceq0.5.2
gpaceq0.9.0-preview
gpaceq0.8.0
gpaceq2.2.0
gpaceq1.0.1
gpaceq0.6.1
gpaceq0.7.1
gpaceq1.0.0