CVE-2024-57184

Name of the Vulnerable Software and Affected Versions GPAC version 0.8.0

Description The issue is a heap-based buffer overflow in the gf m2ts process pmt function in media tools/mpegts.c:2163, which can cause a denial of service (DOS) via a crafted MP4 file. This can be exploited when processing a specially crafted MP4 file using MP4Box.

Recommendations For GPAC version 0.8.0, as a temporary workaround, consider disabling the gf m2ts process pmt function until a patch is available. Restrict access to the media tools/mpegts.c module to minimize the risk of exploitation. Avoid using MP4Box to process untrusted MP4 files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.