Vulnerability identifier: #VU11086
Vulnerability risk: Low
Exploitation vector: Local network
Exploit availability: No
The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.
The weakness exists in the av_ext.c source code file due to the improper handling of crafted media files. An adjacent attacker can submit a specially crafted media file or trick the victim into opening a specially crafted media file, trigger out-of-bounds heap write and execute arbitrary code.
Install update from vendor's website.
Vulnerable software versions
GPAC: 0.7.0 - 0.7.1
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?