CVE-2020-24829 - Vulnerability Details - OpenCVE

An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gpac	Gpac

Configuration 1 [-]

cpe:2.3:a:gpac:gpac:0.8.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/gpac/gpac/blob/v0.5.2/src/media_tools/mpegts.c#L2204
https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2
https://github.com/gpac/gpac/issues/1422

History

Wed, 05 Mar 2025 23:00:00 +0000

Type	Values Removed	Values Added
Description	An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file.	An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file.
References		https://github.com/gpac/gpac/blob/v0.5.2/src/media_tools/mpegts.c#L2204 https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-04T20:02:38.000Z

Updated: 2025-03-05T22:52:44.140Z

Reserved: 2020-08-28T00:00:00.000Z

Link: CVE-2020-24829

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-08-04T21:15:08.077

Modified: 2025-03-05T23:15:13.040

Link: CVE-2020-24829

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2025-03-05T22:52:44.140Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"url": "https://github.com/gpac/gpac/issues/1422"}, {"url": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2"}, {"url": "https://github.com/gpac/gpac/blob/v0.5.2/src/media_tools/mpegts.c#L2204"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24829", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/gpac/gpac/issues/1422", "refsource": "MISC", "url": "https://github.com/gpac/gpac/issues/1422"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:19:09.390Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gpac/gpac/issues/1422"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24829", "datePublished": "2021-08-04T20:02:38.000Z", "dateReserved": "2020-08-28T00:00:00.000Z", "dateUpdated": "2025-03-05T22:52:44.140Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gpac:gpac:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "93EEFCFD-7417-40E6-84BF-4EA630F2A8A1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file."}, {"lang": "es", "value": "Se ha detectado un problema en GPAC versi\u00f3n v0.8.0, como se ha demostrado en MP4Box. Contiene un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n gf_m2ts_section_complete en el archivomedia_tools/mpegts.c que puede causar una denegaci\u00f3n de servicio (DOS) por medio de un archivo MP4 dise\u00f1ado"}], "id": "CVE-2020-24829", "lastModified": "2025-03-05T23:15:13.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-04T21:15:08.077", "references": [{"source": "cve@mitre.org", "url": "https://github.com/gpac/gpac/blob/v0.5.2/src/media_tools/mpegts.c#L2204"}, {"source": "cve@mitre.org", "url": "https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/gpac/gpac/issues/1422"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/gpac/gpac/issues/1422"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}