CVE-2023-0841 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-0841

CVE-2023-0841

February 15, 2023

A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.

Related Resources (8)

https://github.com/advisories/GHSA-w52x-cp47-xhhw

https://vuldb.com/?id.221087

https://security-tracker.debian.org/tracker/CVE-2023-0841

https://vuldb.com/?ctiid.221087

https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4

https://github.com/gpac/gpac/issues/2396

https://github.com/gpac/gpac/releases/tag/v2.2.1

https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3

Do you need more information?

CVSS v4

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

CVSS v2

Base Score:

7.5

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

Weakness Type (CWE)

Heap-based Buffer Overflow

CWE-122

Out-of-bounds Write

CWE-787

EPSS

Base Score:

0.86

Products

Solutions

Resources

Company

Compare

Developer Tools