Out-of-bounds Write Affecting gpac package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN11-GPAC-3322490
- published 16 Feb 2023
- disclosed 15 Feb 2023
Introduced: 15 Feb 2023
CVE-2023-0841 Open this link in a new tabHow to fix?
There is no fixed version for Debian:11 gpac.
NVD Description
Note: Versions mentioned in the description apply only to the upstream gpac package and not the gpac package as distributed by Debian.
See How to fix? for Debian:11 relevant fixed versions and status.
A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.
References
- https://security-tracker.debian.org/tracker/CVE-2023-0841
- https://github.com/advisories/GHSA-w52x-cp47-xhhw
- https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4
- https://github.com/gpac/gpac/issues/2396
- https://github.com/gpac/gpac/releases/tag/v2.2.1
- https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3
- https://vuldb.com/?ctiid.221087
- https://vuldb.com/?id.221087