CRITICAL🇵🇱 Wersja polska

CVE-2023-46427

CVSS 9.8v3.1pub. 2024-03-09upd. 2025-09-26

An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer deference in gf_dash_setup_period component in media_tools/dash_client.c.

🤖 AI Analysis
How it works

The vulnerability results from a lack of pointer validation before its use in the gf_dash_setup_period function located in the file media_tools/dash_client.c. An attacker can remotely trigger a situation where the pointer takes a NULL value, leading to a null pointer dereference error. Such an error can result in process termination or, under favorable conditions, allow the attacker to take control of code execution.

Impact

An attacker can remotely execute arbitrary code (RCE), cause denial of service (DoS) through application crash, and gain access to sensitive data processed by the GPAC library.

Mitigation & patch

Apply patches available from the vendor according to the references. It is recommended to monitor the official GPAC project repository (GitHub) to obtain the patched version and avoid processing untrusted DASH multimedia files until the patch is applied.

Who is affected

GPAC version 2.3-DEV-rev588-g7edc40fee-master

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gpac

    APP
    Gpac
    2.3-dev-rev588-g7edc40fee-master
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2024-0322CRITICAL9.1PL ✓ten sam produkt

Out-of-bounds Read w bibliotece GPAC — odczyt pamięci i awaria aplikacji

CVE-2024-0321CRITICAL9.8PL ✓ten sam produkt

Stack-based Buffer Overflow w GPAC — możliwe RCE bez uwierzytelnienia

CVE-2023-46932CRITICAL9.8PL ✓ten sam produkt

Heap Buffer Overflow w GPAC/MP4Box — RCE i DoS przez klasę str2ulong

CVE-2023-2840CRITICAL9.8ten sam produkt

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-2838CRITICAL9.1ten sam produkt

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.