GPAC 2.5-DEV-rev228-g11067ea92-master MP4Box src/filters/dmx_m2ts.c m2tsdmx_on_event null pointer dereference
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.9 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It affects the function m2tsdmx_on_event in the file src/filters/dmx_m2ts.c of the component MP4Box. Manipulation results in a null pointer dereference.
This vulnerability is identified as CVE-2024-6063. The attack is only possible with local access. Additionally, an exploit exists.
It is recommended to apply a patch to fix this issue.
Details
A vulnerability classified as problematic was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It affects the function m2tsdmx_on_event in the file src/filters/dmx_m2ts.c of the component MP4Box. Manipulation with an unknown input leads to a null pointer dereference. The issue is classified as CWE-476: a NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid but that is NULL, typically causing a crash or exit. The impact is on availability.
The advisory is available at github.com. This vulnerability is uniquely identified as CVE-2024-6063. Exploitation is reported to be easy and requires local access. Technical details and a public exploit are known.
The exploit is shared for download at github.com. It is declared as proof-of-concept.
Applying the patch 8767ed0a77c4b02287db3723e92c2169f67c85d5 eliminates this problem. The bugfix is available for download at github.com.
Be aware that VulDB is the high quality source for vulnerability data.
Product
- Product: https://github.com/gpac/gpac/
CVSSv3
VulDB Meta Base Score: 4.0
VulDB Meta Temp Score: 3.9
VulDB Base Score: 3.3
VulDB Temp Score: 3.0
NVD Base Score: 5.5
CNA Base Score: 3.3
Exploiting
Class: Null pointer dereference
CWE: CWE-476 / CWE-404
Physical: Partially
Local: Yes
Remote: No
Access: Public
Status: Proof-of-Concept
Countermeasures
Recommended: Patch
Patch: 8767ed0a77c4b02287db3723e92c2169f67c85d5
Timeline
06/17/2024
06/17/2024
09/26/2024
Sources
Product: github.com
Advisory: 2873
Status: Confirmed
CVE: CVE-2024-6063
GCVE (CVE): GCVE-0-2024-6063
GCVE (VulDB): GCVE-100-268791
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 06/17/2024 15:43
Updated: 09/26/2024 04:03
Changes: 06/17/2024 15:43 (59), 06/19/2024 03:36 (19), 09/26/2024 04:03 (12)
Submitter: Fantasy
Submit
Accepted
- Submit #356315: gpac 2.5-DEV-rev228-g11067ea92-master Null pointer deference in filters/dmx_m2ts.c:1215 (by Fantasy)