What is the vulnerability ID of this vulnerability?

The vulnerability ID of this vulnerability is CVE-2023-1448.

What is the severity of CVE-2023-1448?

The severity of CVE-2023-1448 is high with a CVSS score of 7.8.

What is the affected software?

The affected software is GPAC version 2.3-DEV-rev35-gbbca86917-master.

How does the vulnerability affect GPAC?

The vulnerability affects GPAC by causing a heap-based buffer overflow in the gf_m2ts_process_sdt function of the file media_tools/mpegts.c.

Is local access required to exploit this vulnerability?

Yes, attacking locally is a requirement to exploit this vulnerability.

Are there any known remedies or fixes for this vulnerability?

Yes, the recommended fixes for this vulnerability are GPAC versions 1.0.1+dfsg1-4+deb11u3 and 2.2.1+dfsg1-3, or any later versions.

What is the Common Vulnerabilities and Exposures (CVE) ID?

The Common Vulnerabilities and Exposures (CVE) ID is CVE-2023-1448.

What is the CWE ID for this vulnerability?

The CWE ID for this vulnerability is CWE-119 and CWE-122.

Where can I find more information about this vulnerability?

You can find more information about this vulnerability at the following references: [1](https://github.com/gpac/gpac/issues/2388), [2](https://github.com/xxy1126/Vuln/blob/main/gpac/3), [3](https://vuldb.com/?ctiid.223293).

Vulnerability/
CVE-2023-1448

high

7.8

CWE

122 119

17/3/2023

2/8/2024

CVE-2023-1448: GPAC mpegts.c gf_m2ts_process_sdt heap-based overflow

First published: Fri Mar 17 2023(Updated: )

A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223293 was assigned to this vulnerability.

Credit: cna@vuldb.com cna@vuldb.com

Affected Software	Affected Version	How to fix
debian/gpac	<=0.5.2-426-gc5ad4e4+dfsg5-5	1.0.1+dfsg1-4+deb11u3 2.2.1+dfsg1-3
GPAC GPAC	=2.3-dev
	=2.3-dev

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2023-1448.
What is the severity of CVE-2023-1448?
The severity of CVE-2023-1448 is high with a CVSS score of 7.8.
What is the affected software?
The affected software is GPAC version 2.3-DEV-rev35-gbbca86917-master.
How does the vulnerability affect GPAC?
The vulnerability affects GPAC by causing a heap-based buffer overflow in the gf_m2ts_process_sdt function of the file media_tools/mpegts.c.
Is local access required to exploit this vulnerability?
Yes, attacking locally is a requirement to exploit this vulnerability.
Are there any known remedies or fixes for this vulnerability?
Yes, the recommended fixes for this vulnerability are GPAC versions 1.0.1+dfsg1-4+deb11u3 and 2.2.1+dfsg1-3, or any later versions.
What is the Common Vulnerabilities and Exposures (CVE) ID?
The Common Vulnerabilities and Exposures (CVE) ID is CVE-2023-1448.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-119 and CWE-122.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following references: [1](https://github.com/gpac/gpac/issues/2388), [2](https://github.com/xxy1126/Vuln/blob/main/gpac/3), [3](https://vuldb.com/?ctiid.223293).

collector/security-tracker-debian
collector/nvd-index
agent/author
agent/type
agent/first-publish-date
agent/weakness
agent/severity
agent/title
agent/description
agent/references
agent/softwarecombine
agent/tags
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
collector/mitre-cve
source/MITRE
package-manager/debian
vendor/gpac
canonical/gpac gpac
version/gpac gpac/2.3-dev