GPAC 2.3-DEV-rev381-g817a848f6-master /lib/libgpac.so BM_ParseIndexValueReplace memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.5 | $0-$5k | 0.00 |
Summary
A vulnerability was found in GPAC 2.3-DEV-rev381-g817a848f6-master. It has been rated as critical. Affected by this issue is the function BM_ParseIndexValueReplace in the library /lib/libgpac.so. Performing a manipulation results in memory corruption.
This vulnerability is identified as CVE-2023-37767. There is not any exploit available.
Details
A vulnerability, which was classified as critical, was found in GPAC 2.3-DEV-rev381-g817a848f6-master. This affects the function BM_ParseIndexValueReplace in the library /lib/libgpac.so. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.
The weakness was released 07/12/2023 as 2514. It is possible to read the advisory at github.com. This vulnerability is uniquely identified as CVE-2023-37767 since 07/10/2023. Technical details of the vulnerability are known, but there is no available exploit.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-41643). Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Name
Version
License
Website
- Product: https://github.com/gpac/gpac/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.5
VulDB Base Score: 5.5
VulDB Temp Score: 5.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
07/10/2023 🔍07/12/2023 🔍
07/12/2023 🔍
01/18/2026 🔍
Sources
Product: github.comAdvisory: 2514
Status: Confirmed
CVE: CVE-2023-37767 (🔍)
GCVE (CVE): GCVE-0-2023-37767
GCVE (VulDB): GCVE-100-233751
EUVD: 🔍
Entry
Created: 07/12/2023 05:07Updated: 01/18/2026 06:31
Changes: 07/12/2023 05:07 (39), 07/30/2023 14:21 (9), 01/18/2026 06:31 (17)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.