PT-2024-22389 · Gpac+2 · Gpac+2
Janette88
·
Published
2024-03-15
·
Updated
2025-09-26
·
CVE-2024-28319
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
gpac version 2.3-DEV-rev921-g422b78ecf-master
Description
The issue is related to an out of boundary read vulnerability via the
gf dash setup period() function in the media tools/dash client.c file at line 6374. This vulnerability can allow a remote attacker to access confidential information.Recommendations
As a temporary workaround, consider disabling the
gf dash setup period() function until a patch is available.
Restrict access to the media tools/dash client.c module to minimize the risk of exploitation.
Avoid using the gf dash setup period() function in the affected gpac version until the issue is resolved.Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Red Os
Gpac