CVE-2024-6064

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is f4b3e4d2f91bc1749e7a924a8ab171af03a355a8/c1b9c794bad8f262c56f3cf690567980d96662f5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-268792.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gpac:gpac:2.5-dev-rev288-g11067ea92-master:*:*:*:*:*:*:*

History

25 Sep 2024, 15:08

Type Values Removed Values Added
CPE cpe:2.3:a:gpac:gpac:2.5-dev-rev288-g11067ea92-master:*:*:*:*:*:*:*
CVSS v2 : 4.3
v3 : 5.3
v2 : 4.3
v3 : 5.5
First Time Gpac gpac
Gpac
References () https://github.com/gpac/gpac/commit/c1b9c794bad8f262c56f3cf690567980d96662f5 - () https://github.com/gpac/gpac/commit/c1b9c794bad8f262c56f3cf690567980d96662f5 - Patch
References () https://github.com/gpac/gpac/issues/2874 - () https://github.com/gpac/gpac/issues/2874 - Exploit, Issue Tracking, Third Party Advisory
References () https://github.com/user-attachments/files/15801189/poc.zip - () https://github.com/user-attachments/files/15801189/poc.zip - Broken Link
References () https://vuldb.com/?ctiid.268792 - () https://vuldb.com/?ctiid.268792 - Permissions Required
References () https://vuldb.com/?id.268792 - () https://vuldb.com/?id.268792 - Third Party Advisory
References () https://vuldb.com/?submit.356316 - () https://vuldb.com/?submit.356316 - Third Party Advisory

18 Jun 2024, 14:15

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en GPAC 2.5-DEV-rev228-g11067ea92-master. Ha sido declarada problemática. Esta vulnerabilidad afecta a la función xmt_node_end del archivo src/scene_manager/loader_xmt.c del componente MP4Box. La manipulación conduce al use after free. Se requiere acceso local para abordar este ataque. El exploit ha sido divulgado al público y puede utilizarse. El nombre del parche es f4b3e4d2f91bc1749e7a924a8ab171af03a355a8/c1b9c794bad8f262c56f3cf690567980d96662f5. Se recomienda aplicar un parche para solucionar este problema. El identificador de esta vulnerabilidad es VDB-268792.

17 Jun 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-17 21:15

Updated : 2024-09-25 15:08


NVD link : CVE-2024-6064

Mitre link : CVE-2024-6064

CVE.ORG link : CVE-2024-6064


JSON object : View

Products Affected

gpac

  • gpac
CWE
CWE-416

Use After Free