Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-46930
CVE-2023-46930:
NixOS vulnerability analysis and mitigation
Overview
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a segmentation fault (SEGV) vulnerability in the MP4Box component, specifically in the gf_isom_find_od_id_for_track function located at /afltest/gpac/src/isomedia/media_odf.c:522:14 (NIST NVD, Debian Tracker).
Technical details
The vulnerability is triggered by a read memory access to a null pointer in the gf_isom_find_od_id_for_track function. The issue has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating local access is required and user interaction is needed (NIST NVD).
Impact
When exploited, this vulnerability can cause the application to crash due to the segmentation fault, potentially leading to a denial of service condition. The vulnerability affects the MP4Box functionality when processing certain media files (GitHub Issue).
Mitigation and workarounds
A fix has been implemented by adding null guards to the gf_isom_find_od_id_for_track function. The patch is available in commit 3809955065afa3da1ad580012ec43deadbb0f2c8 (GPAC Patch).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management