CVE-2022-47657: Buffer Overflow
First published: Thu Jan 05 2023(Updated: )
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/gpac | <=0.5.2-426-gc5ad4e4+dfsg5-5 | 1.0.1+dfsg1-4+deb11u3 2.2.1+dfsg1-3 |
| GPAC GPAC | <2.2.0 | |
| <2.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this GPAC MP4Box vulnerability?
The vulnerability ID for this GPAC MP4Box vulnerability is CVE-2022-47657.
What is the severity of CVE-2022-47657?
CVE-2022-47657 has a severity rating of 7.8 (High).
Which software versions are affected by CVE-2022-47657?
The affected software versions are GPAC versions up to and including 2.2.0.
How can I fix the CVE-2022-47657 vulnerability in GPAC MP4Box?
To fix the CVE-2022-47657 vulnerability in GPAC MP4Box, update to versions 1.0.1+dfsg1-4+deb11u3 or 2.2.1+dfsg1-3.
Where can I find more information about CVE-2022-47657?
You can find more information about CVE-2022-47657 at the following references: [Link 1](https://github.com/gpac/gpac/issues/2355), [Link 2](https://github.com/gpac/gpac/commit/9f1e633184904fffc315bd35ebce76b4b42f9097), [Link 3](https://security-tracker.debian.org/tracker/CVE-2022-47657).
- collector/security-tracker-debian
- collector/nvd-index
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- package-manager/debian
- vendor/gpac
- canonical/gpac gpac