CVE-2023-46929

Exploit

EPSS 0.26%
Veröffentlicht 03.01.2024 19:15:08
Zuletzt bearbeitet 18.06.2025 16:15:22
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gpac ≫ Gpac Version2.3-dev-rev605-gfc9e29089-master

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.495

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/gpac/gpac/commit/4248def5d24325aeb0e35cacde3d56c9411816a6

Patch

https://github.com/gpac/gpac/issues/2662

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-46929

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-46929

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-46929

EUVD