Lucene search

Veracode Vulnerability DatabaseVERACODE:43171

HistorySep 06, 2023 - 9:26 a.m.

Out-of-bounds Read

2023-09-0609:26:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libgpac.so

out-of-bounds read

mpeg12_parseseqhdr

dos attack

application crash

vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

Percentile

12.7%

JSON

libgpac.so is vulnerable to Out-of-bounds Read. The vulnerability is caused by not validating a variable named buflen to contain a data of sufficient length in a function MPEG12_ParseSeqHdr in a file media_tools/mpeg2_ps.c. A attacker can exploit this vulnerability to mount a Denial Of Service (DOS) attack causing an application to crash.

CPENameOperatorVersion
libgpac.sole10.1.0
libgpac.sole10.1.0

CPE	Name	Operator	Version
	libgpac.so	le	10.1.0
	libgpac.so	le	10.1.0

References

github.com/gpac/gpac/commit/3ec93d73d048ed7b46fe6e9f307cc7a0cc13db63

github.com/gpac/gpac/issues/2580

huntr.dev/bounties/f457dc62-3cff-47bd-8fd2-1cb2b4a832fc

huntr.dev/bounties/f457dc62-3cff-47bd-8fd2-1cb2b4a832fc/

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

Percentile

12.7%

JSON

Related for VERACODE:43171