CVERadar

CVE-2024-0321

Critical Severity
Vendor: Gpac
SVRS: 84/100
CVSSv3: 9.8/10
EPSS: 0.00073/1

CVE-2024-0321: Stack-based Buffer Overflow in GPAC's MP4 box parsing. This vulnerability in the gpac/gpac repository before version 2.3-DEV allows for potential remote code execution. With an SVRS of 84, CVE-2024-0321 is a critical vulnerability demanding immediate attention. A stack-based buffer overflow occurs when a program writes data beyond the allocated buffer on the stack, potentially overwriting adjacent memory locations. Successful exploitation could lead to arbitrary code execution, giving attackers control over the affected system. Given the high SVRS, organizations using affected versions of GPAC should prioritize patching or mitigation to prevent potential attacks and data breaches. The high CVSS score also underscores the severity of this vulnerability.

No tags available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-01-08

2024-01-11

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-0321 | GPAC up to 2.2-DEV stack-based overflow (Nessus ID 225810)
vuldb.com, 2025-03-05
A vulnerability, which was classified as problematic, was found in GPAC up to 2.2-DEV. Affected is an unknown function. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-0321. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

USN-7320-1: GPAC vulnerabilities
ubuntu.com, 2025-03-05
It was discovered that the GPAC MP4Box utility incorrectly handled certain AC3 files, which could lead to an out-of-bounds read. A remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service (system crash). This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2023-5520, CVE-2024-0322) It was discovered that the GPAC MP4Box utility incorrectly handled certain malformed text files. If a user or automated system using MP4Box were tricked into opening a specially crafted RST file, an attacker could use this

1.789
fortiguard.com, 2024-12-14
Newly Added (3): Mitsubishi Electric GX Works3 CVE-2023-6943 Authentication Bypass Vulnerability; Security Vulnerabilities fixed in Mitel MiCollab 9.8 SP2; Security Vulnerability fixed in Thunderbird 128.5.2. Modified (31)

1.752
2024-10-04
Newly Added (8): Ivanti Endpoint Manager CVE-2024-29824 Arbitrary Code Execution Vulnerability; Security Vulnerabilities fixed in GPAC 2.2.1; GPAC CVE-2024-24267 Memory Leak Vulnerability; GPAC CVE-2024-24266 Use-After
cve-2024-24267
cve-2024-0321
cve-2024-29824
cve-2024-22749

Social Media

No tweets found for this CVE

Affected Software

Configuration 1
Type | Vendor | Product
App | Gpac | gpac

References

Reference | Link
[email protected] | https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a
[email protected] | https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769
GITHUB | https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769

CWE Details

CWE ID | CWE Name | Description
CWE-121 | Stack-based Buffer Overflow | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer.
