CVE-2018-1000100
Last modified
CVE-2018-1000100 is a vulnerability of currently unknown severity. GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may result in RCE.. EPSS estimates a 1.13% chance of exploitation in the next 30 days.
Description
GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may result in RCE.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gpac Project | Gpac | <= 0.7.1 |
| Canonical | Ubuntu Linux | 16.04 |
| Canonical | Ubuntu Linux | 18.04 |
| Canonical | Ubuntu Linux | 18.10 |
References
- https://github.com/gpac/gpac/issues/994Third Party Advisory
- https://usn.ubuntu.com/3926-1/Third Party Advisory
- https://github.com/gpac/gpac/issues/994Third Party Advisory
- https://usn.ubuntu.com/3926-1/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000100?
How severe is CVE-2018-1000100?
How do I fix CVE-2018-1000100?
Are you affected by CVE-2018-1000100?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST