A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8767ed0a77c4b02287db3723e92c2169f67c85d5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-268791.
References
Link | Resource |
---|---|
https://github.com/gpac/gpac/commit/8767ed0a77c4b02287db3723e92c2169f67c85d5 | Patch |
https://github.com/gpac/gpac/issues/2873 | Exploit Third Party Advisory |
https://github.com/user-attachments/files/15801157/poc.zip | Broken Link |
https://vuldb.com/?ctiid.268791 | Permissions Required |
https://vuldb.com/?id.268791 | Permissions Required |
https://vuldb.com/?submit.356315 | Third Party Advisory |
Configurations
History
25 Sep 2024, 16:01
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/gpac/gpac/commit/8767ed0a77c4b02287db3723e92c2169f67c85d5 - Patch | |
References | () https://github.com/gpac/gpac/issues/2873 - Exploit, Third Party Advisory | |
References | () https://github.com/user-attachments/files/15801157/poc.zip - Broken Link | |
References | () https://vuldb.com/?ctiid.268791 - Permissions Required | |
References | () https://vuldb.com/?id.268791 - Permissions Required | |
References | () https://vuldb.com/?submit.356315 - Third Party Advisory | |
First Time |
Gpac gpac
Gpac |
|
CVSS |
v2 : v3 : |
v2 : 1.7
v3 : 5.5 |
CPE | cpe:2.3:a:gpac:gpac:2.5-dev-rev288-g11067ea92-master:*:*:*:*:*:*:* |
18 Jun 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
17 Jun 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-17 21:15
Updated : 2024-09-25 16:01
NVD link : CVE-2024-6063
Mitre link : CVE-2024-6063
CVE.ORG link : CVE-2024-6063
JSON object : View
Products Affected
gpac
- gpac
CWE
CWE-476
NULL Pointer Dereference