Vulnerability Details : CVE-2022-1441
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box parses an MP4 file, it calls the function `diST_box_read()` to read from the video. This function allocates a buffer `str` with a fixed length. However, both the content read from `bs` and its length are controllable by the user, which causes a buffer overflow.
Vulnerability category: Overflow
Products affected by CVE-2022-1441
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:gpac:gpac:2.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-1441
- 0.12%: Probability of exploitation activity in the next 30 days
- ~46%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-1441
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
| 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2022-1441
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary), secalert@redhat.com (Secondary)
- The product reads data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-1441
- https://www.debian.org/security/2023/dsa-5411
  Debian -- Security Information -- DSA-5411-1 gpac (Third Party Advisory)
- https://github.com/gpac/gpac/issues/2175
  GPAC-2.0.0 MP4Box: stack overflow with unlimited length and controllable content in diST_box_read · Issue #2175 · gpac/gpac · GitHub (Exploit; Issue Tracking; Third Party Advisory)
- https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb
  fixed #2175 · gpac/gpac@3dbe11b · GitHub (Patch; Third Party Advisory)