CRITICALšŸ‡µšŸ‡± Wersja polska

CVE-2024-0321

CVSS 9.8v3.1pub. 2024-01-08upd. 2024-11-21

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.

šŸ¤– AI Analysis
How it works

The vulnerability consists of a stack-based buffer overflow in the GPAC repository. Writing data beyond the boundaries of an allocated buffer (CWE-787 — out-of-bounds write) can lead to overwriting critical stack control structures, such as the function return address. The attack vector is network-based, requires no privileges or user interaction, making it exceptionally easy to exploit.

Impact

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code remotely (RCE) in the context of the application process, and consequently gain full control over the system, including violation of confidentiality, integrity, and availability of data.

Mitigation & patch

GPAC should be updated to version 2.3-DEV or newer. The patch is available in commit d0ced41651b279bb054eb6390751e2d4eb84819a in the official GPAC project GitHub repository.

Who is affected

GPAC in versions prior to 2.3-DEV (gpac/gpac repository on GitHub)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gpac

    APP
    Gpac
    < 2.3.0-dev
šŸ”µ
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2023-46427CRITICAL9.8PL āœ“ten sam produkt

GPAC: null pointer dereference w gf_dash_setup_period umożliwia RCE i DoS

CVE-2024-0322CRITICAL9.1PL āœ“ten sam produkt

Out-of-bounds Read w bibliotece GPAC — odczyt pamięci i awaria aplikacji

CVE-2023-46932CRITICAL9.8PL āœ“ten sam produkt

Heap Buffer Overflow w GPAC/MP4Box — RCE i DoS przez klasę str2ulong

CVE-2023-2840CRITICAL9.8ten sam produkt

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-2838CRITICAL9.1ten sam produkt

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2024-0321 — Gpac — CRITICAL — CVSS 9.8 | CVEbaza.pl