Gpmf Parser
CVE-2019-15148
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in demo/GPMF_mp4reader.c.
AnalysisAI
GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in demo/GPMF_mp4reader.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in demo/GPMF_mp4reader.c. Affected products include: Gopro Gpmf-Parser.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
More in Gpmf Parser
View allAn issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
An issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
An issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
An issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Rated critical severity (CVSS 9.1
GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Rated high seve
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags"
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c. Rated high severity (CVSS 8.8),
GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculatio
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c. Rated high severity (CVSS 7
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Rated high severity (CVSS 7.5), this vu
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Rated high severity (CVSS 7.5), this vu
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today