Wiz
Vulnerability DatabaseCVE-2023-46929

CVE-2023-46929
NixOS vulnerability analysis and mitigation

Overview

An issue was discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master affecting the MP4Box component, specifically in the gf_avc_change_vui function located at /afltest/gpac/src/media_tools/av_parsers.c:6872:55. The vulnerability was disclosed on January 3, 2024, and has been assigned a CVSS v3.1 base score of 7.5 (HIGH) (NVD).

Technical details

The vulnerability exists in the gf_avc_change_vui function of the MP4Box component. When processing certain inputs, the function attempts to read from an invalid memory address (0x000000000008), which points to the zero page, resulting in a segmentation fault. The issue has been confirmed through AddressSanitizer testing (GitHub Issue).

Impact

The vulnerability allows attackers to crash the application through a segmentation fault, potentially leading to denial of service. The CVSS score of 7.5 indicates a high severity with network vector, low attack complexity, and no required privileges or user interaction (NVD).

Mitigation and workarounds

A fix has been implemented by adding a null guard check in the gf_avc_change_vui function. The patch is available in commit 4248def5d24325aeb0e35cacde3d56c9411816a6 (GitHub Patch).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2026-22783HIGH8.1
  • NixOSNixOS
  • iris
NoYesJan 12, 2026
CVE-2026-0821MEDIUM6.9
  • NixOSNixOS
  • quickjs
NoNoJan 10, 2026
CVE-2025-68949MEDIUM5.3
  • NixOSNixOS
  • n8n
NoYesJan 13, 2026
CVE-2026-22784LOW2.3
  • NixOSNixOS
  • lychee
NoYesJan 12, 2026
CVE-2026-23497LOW1.3
  • NixOSNixOS
  • learning
NoYesJan 14, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo