CVE-2019-13618 - OpenCVE

In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gpac	Gpac

Configuration 1 [-]

cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/gpac/gpac/compare/440d475...6b4ab40
https://github.com/gpac/gpac/issues/1250
https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-16T16:07:17

Updated: 2024-08-04T23:57:39.520Z

Reserved: 2019-07-16T00:00:00

Link: CVE-2019-13618

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-16T17:15:12.830

Modified: 2020-01-20T16:15:13.033

Link: CVE-2019-13618

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-20T15:06:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/gpac/gpac/issues/1250"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/gpac/gpac/compare/440d475...6b4ab40"}, {"name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13618", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/gpac/gpac/issues/1250", "refsource": "MISC", "url": "https://github.com/gpac/gpac/issues/1250"}, {"name": "https://github.com/gpac/gpac/compare/440d475...6b4ab40", "refsource": "MISC", "url": "https://github.com/gpac/gpac/compare/440d475...6b4ab40"}, {"name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:57:39.520Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gpac/gpac/issues/1250"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gpac/gpac/compare/440d475...6b4ab40"}, {"name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13618", "datePublished": "2019-07-16T16:07:17", "dateReserved": "2019-07-16T00:00:00", "dateUpdated": "2024-08-04T23:57:39.520Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*", "matchCriteriaId": "123D0430-86B1-40BF-9B43-C782CC2EDDE8", "versionEndExcluding": "0.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c."}, {"lang": "es", "value": "En GPAC anterior a versi\u00f3n 0.8.0, el archivo isomedia/isom_read.c en la biblioteca libgpac.a presenta una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria, como es demostrado por un bloqueo en gf_m2ts_sync en el archivo media_tools / mpegts.c."}], "id": "CVE-2019-13618", "lastModified": "2020-01-20T16:15:13.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-16T17:15:12.830", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gpac/gpac/compare/440d475...6b4ab40"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/gpac/gpac/issues/1250"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}