CVE-2023-4682

Name of the Vulnerable Software and Affected Versions GPAC versions prior to 2.3-DEV

Description The issue is related to a heap-based buffer overflow in the avi read function of the GPAC multimedia platform, which can lead to a denial of service. This is caused by the avi read function in the media tools/avilib.c file at line 67. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. The avi read function is vulnerable to a heap-based buffer overflow, but specific details about exploitation, such as API endpoints, vulnerable parameters, or function names, are not provided beyond the avi read function itself.

Recommendations For GPAC versions prior to 2.3-DEV, update to version 2.3-DEV or later to resolve the issue. As a temporary workaround, consider disabling the avi read function until a patch is available. Restrict access to the media tools/avilib.c file to minimize the risk of exploitation. Avoid using the avi read function in sensitive operations until the issue is resolved.