CVE-2023-46932

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 9, 2023

Updated: Dec 12, 2023

CWE ID 787

Summary

CVE-2023-46932 is a critical vulnerability affecting GPAC version 2.3-DEV-rev617-g671976fcc-master. This issue involves a heap buffer overflow in the str2ulong class located in src/media_tools/avilib.c of gpac/MP4Box. Attackers can exploit this flaw to execute arbitrary code, leading to potential security compromises. Moreover, the vulnerability can also be used to cause a denial of service (DoS) attack. Users are strongly advised to update their GPAC software to a secure version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GPAC

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tMy8bs
https://www.cve.org/CVERecord?id=CVE-2023-46932
https://nvd.nist.gov/vuln/detail/CVE-2023-46932

Back to Vulnerability Database

CVE-2023-46932

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations