CVE-2024-6063

Опубликовано: 17 июн. 2024

Источник: nvd

CVSS3: 3.3

CVSS3: 5.5

CVSS2: 1.7

EPSS Низкий

Описание

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8767ed0a77c4b02287db3723e92c2169f67c85d5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-268791.

Ссылки

https://github.com/gpac/gpac/commit/8767ed0a77c4b02287db3723e92c2169f67c85d5
Patch
https://github.com/gpac/gpac/issues/2873
Exploit
Third Party Advisory
https://github.com/user-attachments/files/15801157/poc.zip
Broken Link
https://vuldb.com/?ctiid.268791
Permissions Required
https://vuldb.com/?id.268791
Permissions Required
https://vuldb.com/?submit.356315
Third Party Advisory
https://github.com/gpac/gpac/commit/8767ed0a77c4b02287db3723e92c2169f67c85d5
Patch
https://github.com/gpac/gpac/issues/2873
Exploit
Third Party Advisory
https://github.com/user-attachments/files/15801157/poc.zip
Broken Link
https://vuldb.com/?ctiid.268791
Permissions Required
https://vuldb.com/?id.268791
Permissions Required
https://vuldb.com/?submit.356315
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gpac:gpac:2.5-dev-rev288-g11067ea92-master:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00037

Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

1.7 Low

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2024-6063

CVSS3: 3.3

ubuntu

больше 1 года назад

CVE-2024-6063

CVSS3: 3.3

debian

больше 1 года назад

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It ...

GHSA-xh4q-h4wh-8q8p

CVSS3: 3.3

github

больше 1 года назад

EPSS

Процентиль: 11%

0.00037

Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

1.7 Low

CVSS2

Дефекты

CWE-476