Home > Vulnerability Database > CVE-2018-1000100

Mend.io Vulnerability Database

CVE-2018-1000100

Date: March 6, 2018

GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may result in RCE.

Language: C

Severity Score

7.8

Related Resources (5)

Url: https://usn.ubuntu.com/3926-1/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000100

Url: https://github.com/gpac/gpac/issues/994

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-1000100

Url: https://www.mend.io/vulnerability-database/CVE-2018-1000100

Severity Score

7.8

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-1000100

Date: March 6, 2018

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?