Vulnerability Details CVE-2020-16160
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Parsing malicious input can result in a crash.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://blog.inhq.net/posts/gopro-gpmf-parser-vuln-1/
- https://github.com/gopro/gpmf-parser/blob/2cc0af7ffee6f12934e2d57750bdf292f62b0a97/GPMF_parser.c#L1744
- https://blog.inhq.net/posts/gopro-gpmf-parser-vuln-1/
- https://github.com/gopro/gpmf-parser/blob/2cc0af7ffee6f12934e2d57750bdf292f62b0a97/GPMF_parser.c#L1744
Products affected by CVE-2020-16160
-
cpe:2.3:a:gopro:gpmf-parser:1.5