Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-6064— GPAC MP4Box loader_xmt.c xmt_node_end use after free

CVSS 5.3 · Medium EPSS 0.04% · P11
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-6064

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
GPAC MP4Box loader_xmt.c xmt_node_end use after free
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is f4b3e4d2f91bc1749e7a924a8ab171af03a355a8/c1b9c794bad8f262c56f3cf690567980d96662f5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-268792.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
GPAC 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GPAC是一款开源的多媒体框架。 GPAC 2.5-DEV-rev228-g11067ea92-master版本存在资源管理错误漏洞,该漏洞源于相关函数操作不当,导致释放后重用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-GPAC 2.5-DEV-rev228-g11067ea92-master -

II. Public POCs for CVE-2024-6064

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-6064

登录查看更多情报信息。

Same Patch Batch · n/a · 2024-06-17 · 40 CVEs total

CVE-2024-60836.3 MEDIUMPHPVibe Media Upload Page upload-mp3.php unrestricted upload
CVE-2024-60633.3 LOWGPAC MP4Box dmx_m2ts.c m2tsdmx_on_event null pointer dereference
CVE-2024-60623.3 LOWGPAC MP4Box load_text.c swf_svg_add_iso_sample null pointer dereference
CVE-2024-60613.3 LOWGPAC MP4Box isoffin_read.c isoffin_process infinite loop
CVE-2024-60822.4 LOWPHPVibe Global Options Page functionalities.global.php cross site scripting
CVE-2024-36578update 安全漏洞
CVE-2024-37623RockOA 安全漏洞
CVE-2024-36527Puppeteer 安全漏洞
CVE-2024-36580cdr0-sg 安全漏洞
CVE-2024-36581Badger Database 安全漏洞
CVE-2024-36574flatten-json 安全漏洞
CVE-2024-36543Strimzi 安全漏洞
CVE-2024-36575npm getsetprop 安全漏洞
CVE-2024-36582object-deep-assign 安全漏洞
CVE-2024-36573obx 安全漏洞
CVE-2024-36577Object Resolver 安全漏洞
CVE-2024-36583byondreal accessor 安全漏洞
CVE-2024-34833Payroll Management System 安全漏洞
CVE-2023-37057Jlink AX1800 安全漏洞
CVE-2023-37058Jlink AX1800 安全漏洞

Showing top 20 of 40 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: GPAC
Same vendor: n/a
Same weakness: CWE-416

V. Comments for CVE-2024-6064

No comments yet

Leave a comment