CVE-2023-46929

Exploit

EPSS 0.26%
Published 03.01.2024 19:15:08
Last modified 18.06.2025 16:15:22
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Gpac ≫ Gpac Version2.3-dev-rev605-gfc9e29089-master

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.26%	0.495

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/gpac/gpac/commit/4248def5d24325aeb0e35cacde3d56c9411816a6

Patch

https://github.com/gpac/gpac/issues/2662

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-46929

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-46929

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-46929

EUVD