CVE-2024-6062

CVSS 3.1 Score 3.3 of 10 (low)

Details

Published Jun 17, 2024

Updated: Jun 20, 2024

CWE ID 476

Summary

CVE-2024-6602 is a newly disclosed vulnerability affecting the GPAC 2.5-DEV-rev228-g11067ea92-master component MP4Box. Specifically, the function swf_svg_add_iso_sample in the file src/filters/load_text.c contains a null pointer dereference issue. This vulnerability can be exploited locally, allowing attackers to manipulate the affected software. The exploit for this vulnerability has been made public, increasing the risk. To mitigate this issue, it is recommended to apply the patch with identifier 31e499d310a48bd17c8b055a0bfe0fe35887a7cd as soon as possible. VDB-268790 is the assigned identifier for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database