Veracode Vulnerability Database
VERACODE:43178
Sep 07, 2023 - 6:23 a.m.

Out-of-bounds Read

2023-09-07 06:23:14
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
libgpac.so
out-of-bounds read
gf_bt_get_next
denial of service
dos
loader_bt.c

CVSS3: 5.5 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS: 0.0004 Low
Percentile: 12.7%

libgpac.so is vulnerable to an out-of-bounds read. The vulnerability is due to a missing upper-bound check on the line_pos index, which is used to read data from line_buffer. The flaw is located in the gf_bt_get_next function in src/scene_manager/loader_bt.c. An attacker can exploit this vulnerability to mount a denial-of-service (DoS) attack.
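
The class of fix described above, as an added example that is not GPAC's code and not part of the original advisory: a simplified token reader in which every read of line_buffer[line_pos] is guarded by an upper-bound check. Only line_pos and line_buffer are names from the advisory; bt_reader, bt_next_token, line_size and is_sep are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified reader state (NOT GPAC's parser struct).
   Only line_buffer and line_pos are names taken from the advisory. */
typedef struct {
    const char *line_buffer; /* current input line, not assumed NUL-terminated */
    size_t line_size;        /* number of valid bytes in line_buffer (assumed field) */
    size_t line_pos;         /* read cursor into line_buffer */
} bt_reader;

static int is_sep(char c) { return c == ' ' || c == '\t' || c == '\r' || c == '\n' || c == ','; }

/* Copy the next token into out (capacity out_cap, always NUL-terminated).
   Returns the token length, 0 at end of line, -1 on a corrupt cursor or a
   token that does not fit. Each read of line_buffer[line_pos] is preceded by
   line_pos < line_size, the upper-bound check the advisory reports as missing. */
long bt_next_token(bt_reader *r, char *out, size_t out_cap)
{
    size_t n = 0;
    if (!r || !r->line_buffer || !out || out_cap == 0) return -1;
    out[0] = '\0';
    if (r->line_pos > r->line_size) return -1;      /* cursor already past the end */

    /* skip separators without running off the end of the line */
    while (r->line_pos < r->line_size && is_sep(r->line_buffer[r->line_pos]))
        r->line_pos++;

    while (r->line_pos < r->line_size && !is_sep(r->line_buffer[r->line_pos])) {
        if (n + 1 >= out_cap) { out[0] = '\0'; return -1; } /* output bound */
        out[n++] = r->line_buffer[r->line_pos++];
    }
    out[n] = '\0';
    return (long)n;
}

int main(void)
{
    /* constructed sample: only the first 8 bytes are declared valid */
    const char raw[] = "DEF  abcXXXX";
    bt_reader r = { raw, 8, 0 };
    char tok[16];
    while (bt_next_token(&r, tok, sizeof tok) > 0)
        printf("token: %s\n", tok);
    return 0;
}
```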

CPE | Name | Operator | Version
 | libgpac.so | le | 10.1.0
 | libgpac.so | le | 10.1.0
