Gpmf Parser
CVE-2018-18190
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a divide-by-zero error in GPMF_ScaledData in GPMF_parser.c.
AnalysisAI
An issue was discovered in GoPro gpmf-parser before 1.2.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-369. An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a divide-by-zero error in GPMF_ScaledData in GPMF_parser.c. Affected products include: Gopro Gpmf-Parser. Version information: before 1.2.1..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Gpmf Parser
View allAn issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
An issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
An issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
An issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Rated critical severity (CVSS 9.1
GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Rated high seve
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags"
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c. Rated high severity (CVSS 8.8),
GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculatio
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c. Rated high severity (CVSS 7
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Rated high severity (CVSS 7.5), this vu
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Rated high severity (CVSS 7.5), this vu
Same weakness CWE-369 – Divide By Zero
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today