Description
GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may result in RCE.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/gpac/gpac/issues/994
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3926-1/
Scores
CVSS v3
7.8
EPSS
0.0021
EPSS Percentile
43.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (4)
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
18.10
gpac_project/gpac
< 0.7.1
Published
Mar 06, 2018
Tracked Since
Feb 18, 2026