CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-0322

Critical Severity
Gpac
SVRS
79/100
CVSSv3
9.1/10
EPSS
0.0008/1

CVE-2024-0322 is an out-of-bounds read vulnerability in the gpac/gpac repository before version 2.3-DEV. This critical flaw allows attackers to potentially access sensitive information beyond allocated memory regions. The GPAC project, a multimedia framework, is vulnerable to this type of error. With a CVSS score of 9.1 and an SVRS of 79, this CVE indicates a high level of risk, although not reaching the critical threshold of 80 according to SOCRadar's Vulnerability Risk Score. Exploitation of this vulnerability could lead to data leaks or denial-of-service conditions. Immediate patching or mitigation is strongly recommended to secure affected systems. The potential impact on data confidentiality and system stability highlights the importance of addressing CVE-2024-0322 promptly. Even with an SVRS nearing the critical level, the high CVSS score should be sufficient cause for concern.

TAGS
No tags available
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:H
I:N
A:H
PUBLICATION DATE2024-01-08
LAST MODIFIED2024-01-11

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-0322 | GPAC up to 2.2-DEV out-of-bounds (Nessus ID 225810)
vuldb.com2025-03-05
CVE-2024-0322 | GPAC up to 2.2-DEV out-of-bounds (Nessus ID 225810) | A vulnerability was found in GPAC up to 2.2-DEV and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-0322. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected
vuldb.com
rss
forum
news
USN-7320-1: GPAC vulnerabilities
2025-03-05
USN-7320-1: GPAC vulnerabilities | It was discovered that the GPAC MP4Box utility incorrectly handled certain AC3 files, which could lead to an out-of-bounds read. A remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service (system crash). This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2023-5520, CVE-2024-0322) It was discovered that the GPAC MP4Box utility incorrectly handled certain malformed text files. If a user or automated system using MP4Box were tricked into opening a specially crafted RST file, an attacker could use this
ubuntu.com
rss
forum
news
1.789
2024-12-14
1.789 | Newly Added (3)Mitsubishi Electric GX Works3 CVE-2023-6943 Authentication Bypass VulnerabilitySecurity Vulnerabilities fixed in Mitel MiCollab 9.8 SP2Security Vulnerability fixed in Thunderbird 128.5.2Modified (31)<
fortiguard.com
rss
forum
news
1.752
2024-10-04
1.752 | Newly Added (8)Ivanti Endpoint Manager CVE-2024-29824 Arbitrary Code Execution VulnerabilitySecurity Vulnerabilities fixed in GPAC 2.2.1GPAC CVE-2024-24267 Memory Leak VulnerabilityGPAC CVE-2024-24266 Use-After
cve-2024-24267
cve-2024-0321
cve-2024-29824
cve-2024-22749

Social Media

No tweets found for this CVE

Affected Software

Configuration 1
TypeVendorProduct
AppGpacgpac

References

ReferenceLink
[email protected]https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70
[email protected]https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec
GITHUBhttps://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec

CWE Details

CWE IDCWE NameDescription
CWE-125Out-of-bounds ReadThe software reads data past the end, or before the beginning, of the intended buffer.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence