CVE-2023-0841

Public Exploit

GPAC reframe_mp3.c mp3_dmx_process heap-based overflow

Description

A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.

References

Link	Tags
https://vuldb.com/?id.221087	vdb entry third party advisory technical description
https://vuldb.com/?ctiid.221087	permissions required signature third party advisory
https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3	exploit
https://github.com/advisories/GHSA-w52x-cp47-xhhw
https://github.com/gpac/gpac/releases/tag/v2.2.1
https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4
https://github.com/gpac/gpac/issues/2396

Frequently Asked Questions

What is the severity of CVE-2023-0841?: CVE-2023-0841 has been scored as a medium severity vulnerability.
How to fix CVE-2023-0841?: To fix CVE-2023-0841, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-0841 being actively exploited in the wild?: It is possible that CVE-2023-0841 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-0841?: CVE-2023-0841 affects n/a GPAC.

Description

Categories

CWE-122 – Heap-based Buffer Overflow

CWE-787 – Out-of-bounds Write

References

Frequently Asked Questions