Gpmf Parser
CVE-2020-16161
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash.
AnalysisAI
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-369. GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash. Affected products include: Gopro Gpmf-Parser.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Gpmf Parser
View allAn issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
An issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
An issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
An issue was discovered in gpmf-parser 1.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Rated critical severity (CVSS 9.1
GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Rated high seve
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags"
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c. Rated high severity (CVSS 8.8),
GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculatio
GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c. Rated high severity (CVSS 7
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Rated high severity (CVSS 7.5), this vu
GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in demo/GPMF_mp4reader.c. Rated medium severity (CVS
Same weakness CWE-369 – Divide By Zero
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today