Impact
AutoGPT allows users to run the LoopVideoBlock on any video file, but the block imposes no limits on the number of loops or on the resulting file size. An attacker can supply a dramatic loop count, causing the system to generate an excessively large video and eventually exhaust disk space, which results in denial of service. The weakness corresponds to uncontrolled resource consumption (CWE-400).
Affected Systems
The affected product is Significant‑Gravitas AutoGPT. Any installation using AutoGPT version earlier than 0.6.63 is vulnerable; patching to version 0.6.63 or newer resolves the issue.
Risk and Exploitability
The CVSS score of 8.7 indicates a high severity. EPSS is not provided, and the vulnerability is not listed in the CISA KEV catalog, so current exploitation likelihood is uncertain. Based on the description, the likely attack vector involves a malicious user uploading a video with an excessively high loop count to the LoopVideoBlock, leading to disk exhaustion and service interruption.
OpenCVE Enrichment