CVE-2022-47090

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 24, 2025
CWE ID 120

Summary

CVE-2022-47090 is a newly disclosed vulnerability affecting GPAC MP4Box 2.1-DEV-rev574-g9d5bb184b. It is a buffer overflow in the gf_vvc_read_pps_bs_internal function in media_tools/av_parsers.c. The function does not properly check the size of num_exp_tile_columns, so excessive data may be written to a buffer. An attacker could exploit this with a specially crafted media file to cause a buffer overflow, potentially leading to code execution or memory corruption. Users are strongly advised to apply the necessary patches as soon as possible to mitigate this risk.
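
The following C sketch is an added illustration, not GPAC's code and not part of the original advisory. It shows the kind of check the summary describes as missing: a count read from untrusted input is validated against the destination array's capacity before the write loop runs. The struct layout, the one-byte field encoding and MAX_TILE_COLS are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_TILE_COLS 30 /* assumed capacity, not GPAC's real constant */

typedef struct { /* hypothetical, simplified parameter-set struct */
    uint32_t num_exp_tile_columns;
    uint32_t tile_column_widths[MAX_TILE_COLS];
} pps_t;

/* Assumed toy encoding: one count byte, then one width byte per column.
 * Returns 0 on success, -1 on malformed input. */
int parse_tile_columns(const uint8_t *buf, size_t len, pps_t *pps)
{
    size_t pos = 0;
    if (len < 1) return -1;
    uint32_t n = buf[pos++];

    /* The check the summary describes as missing: reject a count larger
     * than the destination array before any element is written. */
    if (n > MAX_TILE_COLS) return -1;
    /* Also reject a count that claims more bytes than the input holds. */
    if (n > len - pos) return -1;

    for (uint32_t i = 0; i < n; i++)
        pps->tile_column_widths[i] = buf[pos++];
    pps->num_exp_tile_columns = n; /* stored only after validation */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real media file. */
    const uint8_t ok[] = {2, 10, 20};
    const uint8_t oversized[] = {200, 1, 1};
    const uint8_t truncated[] = {3, 1};
    pps_t pps = {0};
    printf("ok: %d\n", parse_tile_columns(ok, sizeof ok, &pps));
    printf("oversized: %d\n", parse_tile_columns(oversized, sizeof oversized, &pps));
    printf("truncated: %d\n", parse_tile_columns(truncated, sizeof truncated, &pps));
    return 0;
}
```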
