CVE-2018-20762

Name of the Vulnerable Software and Affected Versions GPAC versions 0.7.1 and earlier

Description The issue is related to a buffer overflow in the cat multiple files function of the GPAC multimedia platform. This can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability is specifically found in the applications/mp4box/fileimport.c file when MP4Box is used with a local directory containing crafted filenames.

Recommendations For GPAC versions 0.7.1 and earlier, consider disabling the cat multiple files function as a temporary workaround until a patch is available. Restrict access to the fileimport.c module to minimize the risk of exploitation. Avoid using crafted filenames in the affected MP4Box application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.