PT-2024-5527 · Gpac+1 · Gpac+1
Frank-Z7
·
Published
2024-01-03
·
Updated
2024-08-07
·
CVE-2023-46929
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
GPAC version 2.3-DEV-rev605-gfc9e29089-master
Description
An issue in GPAC's MP4Box, specifically in the
gf avc change vui function, allows attackers to crash the application. This is related to a lack of protection measures for the structure of web pages, which can be exploited by a remote attacker to cause a denial of service.Recommendations
As a temporary workaround, consider disabling the
gf avc change vui function until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Improper Resource Release
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gpac
Red Os