CVE-2022-47657

Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.1-DEV-rev644-g5c4df2a67

Description The issue is related to a buffer overflow in the hevc parse vps extension function, located in the media tools/av parsers.c file at line 7662. This buffer overflow can be exploited, potentially leading to security issues.

Recommendations For GPAC MP4Box version 2.1-DEV-rev644-g5c4df2a67, consider disabling the hevc parse vps extension function as a temporary workaround until a patch is available. Restrict access to the media tools/av parsers.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.