Vulnerability Details CVE-2018-20762
GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
- https://github.com/gpac/gpac/issues/1187
- https://lists.debian.org/debian-lts-announce/2019/02/msg00040.html
- https://usn.ubuntu.com/3926-1/
- https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
- https://github.com/gpac/gpac/issues/1187
- https://lists.debian.org/debian-lts-announce/2019/02/msg00040.html
- https://usn.ubuntu.com/3926-1/
Products affected by CVE-2018-20762
-
cpe:2.3:a:gpac_project:gpac:*
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.10
-
cpe:2.3:o:debian:debian_linux:8.0