Lucene search

Veracode Vulnerability DatabaseVERACODE:43553

HistoryOct 06, 2023 - 7:02 a.m.

Denial Of Service (DoS)

2023-10-0607:02:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

vulnerability

chnl_box_read

box_code_base.c

application crash

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

0.001 Low

EPSS

Percentile

20.7%

JSON

libgpac.so is vulnerable to Denial Of Service (DoS). The vulnerability arises from an out-of-bound read in the chnl_box_read function of box_code_base.c. This occurs because the variable ptr->layout.channels_count can exceed the actual number of layouts in ptr->layout.layouts[] and surpass the maximum number of layouts Initialized, potentially leading to an application crash.

CPENameOperatorVersion
libgpac.soeq10.1.0
libgpac.soeq10.1.0

CPE	Name	Operator	Version
	libgpac.so	eq	10.1.0
	libgpac.so	eq	10.1.0

References

github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce

github.com/gpac/gpac/issues/2606

huntr.dev/bounties/fe778df4-3867-41d6-954b-211c81bccbbf

huntr.dev/bounties/fe778df4-3867-41d6-954b-211c81bccbbf/

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

0.001 Low

EPSS

Percentile

20.7%

JSON

Related for VERACODE:43553