CVE-2024-6061

GPAC MP4Box isoffin_read.c isoffin_process infinite loop

CVSS 4.8 MEDIUMEPSS 0.4%CWE-835

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 4.8EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

17 jun 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 20c0f29139a82779b86453ce7f68d0681ec7624c. It is recommended to apply a patch to fix this issue. The identifier VDB-268789 was assigned to this vulnerability.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Produtos afetados

n/a · GPAC

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/gpac/gpac/commit/20c0f29139a82779b86453ce7f68d0681ec7624c https://github.com/gpac/gpac/issues/2871 https://github.com/user-attachments/files/15801058/poc1.zip https://vuldb.com/?ctiid.268789 https://vuldb.com/?id.268789 https://vuldb.com/?submit.356308