CVE-2023-0841 - Vulnerability Details - OpenCVE

A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Gpac	Gpac

Configuration 1 [-]

cpe:2.3:a:gpac:gpac:2.3-dev-rev40-g3602a5ded:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/advisories/GHSA-w52x-cp47-xhhw
https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4
https://github.com/gpac/gpac/issues/2396
https://github.com/gpac/gpac/releases/tag/v2.2.1
https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3
https://vuldb.com/?ctiid.221087
https://vuldb.com/?id.221087

History

Thu, 13 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-02-15T13:33:53.115Z

Updated: 2025-02-13T16:39:08.911Z

Reserved: 2023-02-15T13:33:07.194Z

Link: CVE-2023-0841

Vulnrichment

Updated: 2024-08-02T05:24:34.539Z

NVD

Status : Modified

Published: 2023-02-15T14:15:13.283

Modified: 2024-11-21T07:37:56.270

Link: CVE-2023-0841

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0841", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-02-15T13:33:07.194Z", "datePublished": "2023-02-15T13:33:53.115Z", "dateUpdated": "2025-02-13T16:39:08.911Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-05-28T20:14:06.132Z"}, "title": "GPAC reframe_mp3.c mp3_dmx_process heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "affected": [{"vendor": "n/a", "product": "GPAC", "versions": [{"version": "2.3-DEV-rev40-g3602a5ded", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087."}, {"lang": "de", "value": "Eine Schwachstelle wurde in GPAC 2.3-DEV-rev40-g3602a5ded entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion mp3_dmx_process der Datei filters/reframe_mp3.c. Durch das Beeinflussen mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "timeline": [{"time": "2023-02-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-02-15T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-02-15T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-03-16T07:46:49.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "qianshuidewajueji (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.221087", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.221087", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3", "tags": ["exploit"]}, {"url": "https://github.com/advisories/GHSA-w52x-cp47-xhhw"}, {"url": "https://github.com/gpac/gpac/releases/tag/v2.2.1"}, {"url": "https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4"}, {"url": "https://github.com/gpac/gpac/issues/2396"}]}, "adp": [{"affected": [{"vendor": "gpac", "product": "gpac", "cpes": ["cpe:2.3:a:gpac:gpac:2.3-dev-rev40-g3602a5ded:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.3-dev-rev40-g3602a5ded", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-18T15:26:12.000099Z", "id": "CVE-2023-0841", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-18T15:36:11.472Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.539Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.221087", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.221087", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3", "tags": ["exploit", "x_transferred"]}, {"url": "https://github.com/advisories/GHSA-w52x-cp47-xhhw", "tags": ["x_transferred"]}, {"url": "https://github.com/gpac/gpac/releases/tag/v2.2.1", "tags": ["x_transferred"]}, {"url": "https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4", "tags": ["x_transferred"]}, {"url": "https://github.com/gpac/gpac/issues/2396", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.221087", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.221087", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3", "tags": ["exploit", "x_transferred"]}, {"url": "https://github.com/advisories/GHSA-w52x-cp47-xhhw", "tags": ["x_transferred"]}, {"url": "https://github.com/gpac/gpac/releases/tag/v2.2.1", "tags": ["x_transferred"]}, {"url": "https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4", "tags": ["x_transferred"]}, {"url": "https://github.com/gpac/gpac/issues/2396", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.539Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0841", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-18T15:26:12.000099Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gpac:gpac:2.3-dev-rev40-g3602a5ded:*:*:*:*:*:*:*"], "vendor": "gpac", "product": "gpac", "versions": [{"status": "affected", "version": "2.3-dev-rev40-g3602a5ded"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-18T15:32:12.406Z"}}], "cna": {"title": "GPAC reframe_mp3.c mp3_dmx_process heap-based overflow", "credits": [{"lang": "en", "type": "analyst", "value": "qianshuidewajueji (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "affected": [{"vendor": "n/a", "product": "GPAC", "versions": [{"status": "affected", "version": "2.3-DEV-rev40-g3602a5ded"}]}], "timeline": [{"lang": "en", "time": "2023-02-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2023-02-15T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2023-02-15T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2023-03-16T07:46:49.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.221087", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.221087", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3", "tags": ["exploit"]}, {"url": "https://github.com/advisories/GHSA-w52x-cp47-xhhw"}, {"url": "https://github.com/gpac/gpac/releases/tag/v2.2.1"}, {"url": "https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4"}, {"url": "https://github.com/gpac/gpac/issues/2396"}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087."}, {"lang": "de", "value": "Eine Schwachstelle wurde in GPAC 2.3-DEV-rev40-g3602a5ded entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion mp3_dmx_process der Datei filters/reframe_mp3.c. Durch das Beeinflussen mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-05-28T20:14:06.132Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0841", "state": "PUBLISHED", "dateUpdated": "2025-02-13T16:39:08.911Z", "dateReserved": "2023-02-15T13:33:07.194Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2023-02-15T13:33:53.115Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev40-g3602a5ded:*:*:*:*:*:*:*", "matchCriteriaId": "BF8AB1FE-492D-4281-B779-FD501A50998C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087."}], "id": "CVE-2023-0841", "lastModified": "2024-11-21T07:37:56.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-15T14:15:13.283", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/advisories/GHSA-w52x-cp47-xhhw"}, {"source": "cna@vuldb.com", "url": "https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4"}, {"source": "cna@vuldb.com", "url": "https://github.com/gpac/gpac/issues/2396"}, {"source": "cna@vuldb.com", "url": "https://github.com/gpac/gpac/releases/tag/v2.2.1"}, {"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.221087"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.221087"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/advisories/GHSA-w52x-cp47-xhhw"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/gpac/gpac/issues/2396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/gpac/gpac/releases/tag/v2.2.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.221087"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.221087"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}