CVE-2018-1000100

Name of the Vulnerable Software and Affected Versions: GPAC MP4Box versions 0.7.1 and earlier

Description: The issue is related to a buffer overflow vulnerability in the memory, which can be exploited to execute arbitrary code. This can be achieved by providing a specially crafted MP4 file to the victim, potentially leading to remote code execution (RCE). The vulnerability is located in the src/isomedia/avc ext.c file, specifically in lines 2417 to 2420.

Recommendations: For GPAC MP4Box versions 0.7.1 and earlier, consider disabling the execution of MP4 files from untrusted sources until a patch is available. As a temporary workaround, restrict access to the src/isomedia/avc ext.c file to minimize the risk of exploitation. Avoid using the vulnerable function in the affected code lines (2417 to 2420) until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.