CVE-2023-1452

NameCVE-2023-1452
DescriptionA vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223297 was assigned to this vulnerability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gpac (PTS)buster0.5.2-426-gc5ad4e4+dfsg5-5vulnerable
bullseye (security), bullseye1.0.1+dfsg1-4+deb11u1vulnerable
bookworm, sid2.0.0+dfsg1-4vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gpacsourcebuster(unfixed)end-of-life
gpacsource(unstable)(unfixed)

Notes

[buster] - gpac <end-of-life> (EOL in buster LTS)
https://github.com/gpac/gpac/issues/2386
https://github.com/gpac/gpac/commit/a5efec8187de02d1f0a412140b0bf030a6747d3f
Search for package or bug name: Reporting problems