CVE-2024-57184

An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2	Patch
https://github.com/gpac/gpac/issues/1421	Exploit Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gpac:gpac:0.8.0:*:*:*:*:*:*:*

History

27 Jun 2025, 19:34

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en GPAC v0.8.0, como lo demuestra MP4Box. Contiene un desbordamiento de búfer basado en el montón en gf_m2ts_process_pmt en media_tools/mpegts.c:2163 que puede causar una denegación de servicio (DOS) a través de un archivo MP4 manipulado.
References	~~() https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2 -~~	() https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2 - Patch
References	~~() https://github.com/gpac/gpac/issues/1421 -~~	() https://github.com/gpac/gpac/issues/1421 - Exploit, Issue Tracking, Vendor Advisory
First Time		Gpac gpac Gpac
CPE		cpe:2.3:a:gpac:gpac:0.8.0:::::::*

24 Jan 2025, 15:15

Type	Values Removed	Values Added
CWE		CWE-120
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

24 Jan 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-24 14:15

Updated : 2025-06-27 19:34

NVD link : CVE-2024-57184

Mitre link : CVE-2024-57184

CVE.ORG link : CVE-2024-57184

JSON object : View

Products Affected

gpac

gpac

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

5.5 /10