CVE-2023-2837 : Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.

Published 2023-05-22 18:15:09

Updated 2023-05-27 04:15:25

Source huntr.dev

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2023-2837

Gpac » Gpac
Versions before (<) 2.2.2
cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 9 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	huntr.dev
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Assigned by: security@huntr.dev (Primary)

https://www.debian.org/security/2023/dsa-5411

Debian -- Security Information -- DSA-5411-1 gpac

CVEs referencing this url
https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17

Stack-overflow in function xml_sax_parse at src/utils/xml_parser.c vulnerability found in gpac
Exploit;Patch;Third Party Advisory
https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611

fixed #2473 · gpac/gpac@6f28c4c · GitHub
Patch

Jump to