U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2018-1000128

Change History

CVE Modified by MITRE 3/14/2018 9:29:02 PM

Action Type Old Value New Value
Changed Description 
GPAC MP4Box version prior to commit 90dc7f853d31b0a4e9441cba97feccf36d8b69a4 contains a Buffer Overflow vulnerability in src/media_tools/av_parsers.c, lines 2387-2388: https://github.com/gpac/gpac/blob/84c4e606a1f906cd4b07ad94d19cea2b668f64ad/src/media_tools/av_parsers.c#L2387-L2388 that can result in may allow an attacker to achieve remote code execution. This attack appear to be exploitable via The victim must open a specially crafted MP4 file. This vulnerability appears to have been fixed in after commit 90dc7f853d31b0a4e9441cba97feccf36d8b69a4.
 
** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2018-7752.  Reason: This candidate is a reservation duplicate of CVE-2018-7752.  Notes: All CVE users should reference CVE-2018-7752 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.
Changed Display Vulnerability 
true
 
false
Removed Reference 
https://github.com/gpac/gpac/issues/997 [No Types Assigned]