GPAC Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in GPAC version 2.5. It allows local attackers to execute arbitrary code. The issue arises from improper handling of certain data, leading to a heap-based buffer overflow. It can be exploited by crafting a specific input that, when processed by the application, overwrites heap memory in a way that executes malicious code.

Impact

Exploitation of this vulnerability leads to a heap-based buffer overflow, allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by building GPAC with AddressSanitizer enabled and running MP4Box on a specific crafted file. Configure the build to enable the sanitizer, compile the application, and then run MP4Box with the crafted file, which triggers the buffer overflow.
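
When checking whether a given build is affected, the AddressSanitizer report from the MP4Box run can be triaged with a few shell functions. This is an added example, not code from the original page or from the GPAC project; the function names and the sample report (PID, addresses, frame names) are constructed.

```shell
#!/bin/sh
# Added example: triage an AddressSanitizer report saved from an MP4Box run
# (stderr of the sanitizer build redirected to a file). Not GPAC project code.

# Print "<bug-class> <READ|WRITE> <size>" for the first ASan error, or "none".
asan_summary() {
    awk '
        /ERROR: AddressSanitizer:/ && cls == "" {
            for (i = 1; i < NF; i++) if ($i == "AddressSanitizer:") cls = $(i + 1)
        }
        /^(READ|WRITE) of size [0-9]+/ && acc == "" { acc = $1; size = $4 }
        END {
            if (cls == "") print "none"
            else print cls, (acc == "" ? "?" : acc), (size == "" ? "?" : size)
        }' "$1"
}

# Print the first stack frame that is not a sanitizer runtime wrapper.
asan_top_frame() {
    awk '/^ +#[0-9]+ 0x/ && $3 == "in" && $4 !~ /^__(asan|interceptor)_/ {
             print $4; exit
         }' "$1"
}

# Map the report to a verdict; a heap WRITE corrupts memory, a READ only reads it.
asan_verdict() {
    case "$(asan_summary "$1")" in
        none)                          echo "no-asan-finding" ;;
        "heap-buffer-overflow WRITE"*) echo "heap-write-overflow" ;;
        "heap-buffer-overflow READ"*)  echo "heap-read-overflow" ;;
        *)                             echo "other-asan-finding" ;;
    esac
}

# Constructed sample report: PID, addresses and frame names are placeholders.
sample_report() {
    cat <<'EOF'
=================================================================
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000038 at pc 0x000000401234 bp 0x7ffc00000000 sp 0x7ffc00000008
WRITE of size 8 at 0x602000000038 thread T0
    #0 0x401233 in __asan_memcpy (placeholder)
    #1 0x401500 in placeholder_box_read /src/placeholder.c:120
    #2 0x401900 in main /src/placeholder_main.c:42
0x602000000038 is located 0 bytes to the right of 24-byte region
EOF
}
```

Run `asan_verdict` on the saved report from both the suspect build and a patched build; the top frame from `asan_top_frame` identifies which parser to compare against the upstream fix.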

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 10.0
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.