Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentVulDBVULNRICHMENT:CVE-2024-6063
HistoryJun 17, 2024 - 8:31 p.m.

CVE-2024-6063 GPAC MP4Box dmx_m2ts.c m2tsdmx_on_event null pointer dereference

2024-06-1720:31:04
CWE-476
VulDB
github.com
2
gpac mp4box vulnerability
null pointer dereference
m2tsdmx_on_event
patch 8767ed0a77c4b02287db3723e92c2169f67c85d5
vdb-268791

CVSS2

1.7

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS4

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

AI Score

7.1

Confidence

Low

EPSS

0

Percentile

5.1%

SSVC

Exploitation

poc

Automatable

no

Technical Impact

partial

JSON

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8767ed0a77c4b02287db3723e92c2169f67c85d5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-268791.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:gpac:gpac:2.5-dev-rev228-g11067ea92-master:*:*:*:*:*:*:*"
    ],
    "vendor": "gpac",
    "product": "gpac",
    "versions": [
      {
        "status": "affected",
        "version": "2.5-dev-rev228-g11067ea92-master"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Related

cve 1
debiancve 1
ubuntucve 1
cvelist 1
nvd 1
osv 1
veracode 1
cve
cve
CVE-2024-6063
2024-06-17 21:15:51
debiancve
debiancve
CVE-2024-6063
2024-06-17 21:15:51
ubuntucve
ubuntucve
CVE-2024-6063
2024-06-17 00:00:00
cvelist
cvelist
CVE-2024-6063 GPAC MP4Box dmx_m2ts.c m2tsdmx_on_event null pointer dereference
2024-06-17 20:31:04
nvd
nvd
CVE-2024-6063
2024-06-17 21:15:51
osv
osv
CVE-2024-6063
2024-06-17 21:15:51
veracode
veracode
NULL Pointer Dereference
2024-07-24 05:06:18

CVSS2

1.7

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS4

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

AI Score

7.1

Confidence

Low

EPSS

0

Percentile

5.1%

SSVC

Exploitation

poc

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-6063
cve1debiancve1ubuntucve1cvelist1nvd1osv1veracode1