Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2023-46927
CVE-2023-46927:
NixOS vulnerability analysis and mitigation
Overview
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow vulnerability in the gfisomusecompactsize function located in gpac/src/isomedia/isom_write.c:3403:3 within gpac/MP4Box. The vulnerability was discovered and reported on October 22, 2023 (GitHub Issue).
Technical details
The vulnerability is a heap-based buffer overflow that occurs in the gfisomusecompactsize function. The issue manifests when allocating memory for sample sizes without properly validating the sample count, leading to a potential out-of-bounds write. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) (NVD).
Impact
When exploited, this vulnerability can cause the application to crash due to heap buffer overflow. The issue affects the MP4Box functionality within GPAC, potentially impacting any applications that rely on this component for media file processing (GitHub Issue).
Mitigation and workarounds
The vulnerability has been patched in commit a7b467b151d9b54badbc4dd71e7a366b7c391817, which adds a check for sampleCount!=0 in the gfisomusecompactsize function (GitHub Commit).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management