CVE-2022-1441

7.8 HIGH

📋 TL;DR

CVE-2022-1441 is a buffer overflow in MP4Box (part of GPAC) that is triggered when parsing a crafted MP4 file. An attacker can use it to execute arbitrary code or cause a denial of service. Any system that uses GPAC's MP4Box for media processing is affected.

💻 Affected Systems

Products:
  • GPAC
  • MP4Box
Versions: GPAC versions before 2.0.0
Operating Systems: Linux, Windows, macOS, All platforms running GPAC
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any system using MP4Box to process MP4 files, including media servers, transcoding services, and applications embedding GPAC

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Denial of service causing MP4Box crashes and service disruption

🟢 If Mitigated: Limited impact with proper input validation and memory protections

🌐 Internet-Facing: MEDIUM - Requires user to process malicious MP4 files, but many media processing services are internet-facing
🏢 Internal Only: LOW - Typically requires local file processing or user interaction

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires a user or service to process a malicious MP4 file; a public proof-of-concept exists in GitHub issues

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GPAC 2.0.0 and later

Vendor Advisory: https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb

Restart Required: No

Instructions:

1. Update GPAC to version 2.0.0 or later.
2. For RPM Fusion: sudo dnf update gpac
3. For Debian: sudo apt update && sudo apt install gpac
4. Recompile if using source.

🔧 Temporary Workarounds

Input validation (platform: all)

Implement strict validation of MP4 files before processing with MP4Box

Disable MP4Box processing (platform: linux)

Temporarily disable MP4Box functionality if not essential:

sudo systemctl stop services-using-mp4box
sudo chmod -x /usr/bin/MP4Box
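The "input validation" workaround above does not say what to check. The following added example (written for this page, not code from GPAC or from the advisory's author) implements a conservative structural pre-check of an MP4 file's top-level box tree: every box header must fit in the file, a declared size must be at least the header length and must not run past end of file, 64-bit "largesize" values are capped, and the file must start with an ftyp box and contain a moov box. Files that fail are rejected before MP4Box ever opens them. It is a generic sanity filter, not a signature for this CVE; the 1 TiB size cap and the sample blobs are assumptions and constructed data.

```python
import struct
from typing import Iterator, Tuple

# Assumption: no legitimate single box approaches 1 TiB; larger 64-bit sizes are rejected outright.
MAX_BOX_SIZE = 1 << 40


def iter_top_level_boxes(data: bytes) -> Iterator[Tuple[str, int, int]]:
    """Yield (type, offset, size) for each top-level ISOBMFF box.

    Raises ValueError as soon as a header is truncated, a size is smaller
    than its own header, or a box claims bytes beyond the end of the file.
    """
    pos, end = 0, len(data)
    while pos < end:
        if end - pos < 8:
            raise ValueError(f"truncated box header at offset {pos}")
        (size,) = struct.unpack(">I", data[pos:pos + 4])
        btype = data[pos + 4:pos + 8]
        header_len = 8
        if size == 1:                      # 64-bit 'largesize' follows the type field
            if end - pos < 16:
                raise ValueError(f"truncated largesize header at offset {pos}")
            (size,) = struct.unpack(">Q", data[pos + 8:pos + 16])
            header_len = 16
        elif size == 0:                    # size 0 means "box runs to end of file"
            size = end - pos
        if size < header_len:
            raise ValueError(f"box size {size} smaller than its header at offset {pos}")
        if size > MAX_BOX_SIZE or pos + size > end:
            raise ValueError(f"box {btype!r} at offset {pos} declares {size} bytes, beyond EOF at {end}")
        if not all(0x20 <= b < 0x7F for b in btype):
            raise ValueError(f"non-printable box type {btype!r} at offset {pos}")
        yield btype.decode("ascii"), pos, size
        pos += size


def validate_mp4(data: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). Accept only a structurally consistent top-level box tree."""
    try:
        boxes = list(iter_top_level_boxes(data))
    except ValueError as exc:
        return False, str(exc)
    if not boxes:
        return False, "empty file"
    if boxes[0][0] != "ftyp":
        return False, f"first box is {boxes[0][0]!r}, expected 'ftyp'"
    if "moov" not in {t for t, _, _ in boxes}:
        return False, "no 'moov' box"
    return True, "ok"


def _box(btype: bytes, payload: bytes = b"") -> bytes:
    """Build a minimal box with a 32-bit size (helper for the constructed samples below)."""
    return struct.pack(">I", 8 + len(payload)) + btype + payload


# Constructed samples (not real media files); only the box skeleton matters for this check.
SAMPLE_OK = _box(b"ftyp", b"isom\x00\x00\x02\x00isomiso2mp41") + _box(b"moov") + _box(b"mdat", b"\x00" * 16)
SAMPLE_OVERSIZED = _box(b"ftyp", b"isom\x00\x00\x02\x00") + struct.pack(">I", 0x7FFFFFFF) + b"moov"
SAMPLE_TRUNCATED = SAMPLE_OK[:-5]
SAMPLE_WRONG_ORDER = _box(b"moov") + _box(b"ftyp", b"isom")
SAMPLE_ZERO_SIZE_TAIL = _box(b"ftyp", b"isom") + _box(b"moov") + struct.pack(">I", 0) + b"mdat" + b"\x00" * 4
SAMPLE_LARGESIZE = (_box(b"ftyp", b"isom") + _box(b"moov")
                    + struct.pack(">I", 1) + b"mdat" + struct.pack(">Q", 16 + 4) + b"\x00" * 4)

if __name__ == "__main__":
    for name, blob in [("ok", SAMPLE_OK), ("oversized", SAMPLE_OVERSIZED), ("truncated", SAMPLE_TRUNCATED)]:
        print(name, validate_mp4(blob))
```

Run it on an upload before invoking MP4Box and discard anything that does not return `(True, "ok")`. The check deliberately stops at the top level: it is cheap, needs no media library, and already rejects the classic oversized-size and truncated-file shapes, while leaving full parsing to a patched MP4Box running under the sandboxing recommended below.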

🧯 If You Can't Patch

  • Implement strict file upload controls and scan all MP4 files with antivirus
  • Run MP4Box in sandboxed/containerized environments with minimal privileges

🔍 How to Verify

Check if Vulnerable:

Check GPAC version: gpac -version | grep 'GPAC'

Check Version:

gpac -version

Verify Fix Applied:

Verify version is 2.0.0 or later: gpac -version
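For checking more than one host, the version test above is easier to automate than to eyeball. The following added example (not code from GPAC or from this advisory) runs `gpac -version`, pulls the first dotted x.y.z triple out of the banner and compares it against the 2.0.0 fix version stated above. The exact banner wording is not relied on and the sample outputs are constructed; only the presence of an x.y.z triple is assumed.

```python
import re
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = (2, 0, 0)                     # from the advisory: patched in GPAC 2.0.0 and later
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)")


def parse_gpac_version(output: str) -> Optional[Tuple[int, int, int]]:
    """Extract the first dotted x.y.z triple from `gpac -version` output.

    Anything after the triple (a -rev or -DEV suffix, for example) is ignored.
    """
    m = VERSION_RE.search(output)
    return tuple(int(g) for g in m.groups()) if m else None


def is_fixed(output: str) -> Optional[bool]:
    """True if the parsed version is >= 2.0.0, False if older, None if no version was found."""
    v = parse_gpac_version(output)
    return None if v is None else v >= FIXED_VERSION


def check_installed(binary: str = "gpac") -> Tuple[str, Optional[bool]]:
    """Run `<binary> -version` on this host and return (status, fixed?)."""
    try:
        proc = subprocess.run([binary, "-version"], capture_output=True, text=True, timeout=10)
    except FileNotFoundError:
        return "not installed", None
    except subprocess.TimeoutExpired:
        return "timeout", None
    out = (proc.stdout + proc.stderr).strip()
    banner = out.splitlines()[0] if out else "no output"
    return banner, is_fixed(out)


# Constructed sample banners; the real wording may differ, only the x.y.z triple is used.
SAMPLE_OLD = "MP4Box - GPAC version 1.0.1-rev0"
SAMPLE_NEW = "MP4Box - GPAC version 2.0.0-rev1"

if __name__ == "__main__":
    status, fixed = check_installed()
    print(status, "->", {True: "patched", False: "VULNERABLE", None: "unknown"}[fixed])
```

A `None` verdict means the binary is missing or printed nothing recognisable and should be triaged by hand rather than counted as patched. Because pre-release suffixes are ignored, a development snapshot is judged purely by the version number it reports.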

📡 Detection & Monitoring

Log Indicators:

  • MP4Box crash logs
  • Segmentation fault errors in system logs
  • Abnormal process termination

Network Indicators:

  • Unusual MP4 file uploads to media processing services
  • Large MP4 files with abnormal structures

SIEM Query:

process_name:"MP4Box" AND (event_type:"crash" OR exit_code:139)
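The SIEM query above keys on an exit code of 139, but the same crash surfaces in three different shapes on a Linux host: the kernel's own `segfault at ...` line, systemd's `code=killed, status=11/SEGV` for the unit that ran MP4Box, and a job runner's recorded exit code. The following added example (written for this page, not part of the advisory or of GPAC) normalises all three into one hit list. The kernel and systemd line formats are standard; the job-runner format (`cmd=MP4Box ... exit_code=N`), the unit name in `MP4BOX_UNITS` and the log lines themselves are constructed assumptions.

```python
import re
from typing import Dict, Iterable, List, Optional

# Units known to wrap MP4Box on this host (assumption; systemd kill messages name only the unit).
MP4BOX_UNITS = {"mp4-transcode.service"}
SIGSEGV = 11

# Kernel segfault report for an MP4Box process (standard kernel wording).
KERNEL_SEGFAULT = re.compile(
    r"kernel: MP4Box\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+)")
# systemd reporting a unit's main process killed by a signal (standard systemd wording).
SYSTEMD_KILLED = re.compile(
    r"systemd\[\d+\]: (?P<unit>\S+): Main process exited, code=killed, status=(?P<sig>\d+)/(?P<name>\w+)")
# Assumed job-runner format: "... cmd=MP4Box <args> exit_code=<n>".
RUNNER_EXIT = re.compile(r"cmd=MP4Box\b.*?\bexit_code=(?P<code>\d+)")


def exit_code_to_signal(code: int) -> Optional[int]:
    """Shell convention: a process killed by signal N exits with 128+N, so 139 is SIGSEGV."""
    return code - 128 if code > 128 else None


def classify_line(line: str) -> Optional[Dict]:
    """Return a crash record for an MP4Box crash line, or None for anything else."""
    m = KERNEL_SEGFAULT.search(line)
    if m:
        return {"kind": "kernel_segfault", "pid": int(m["pid"]), "fault_addr": m["addr"], "ip": m["ip"]}
    m = SYSTEMD_KILLED.search(line)
    if m and m["unit"] in MP4BOX_UNITS and int(m["sig"]) == SIGSEGV:
        return {"kind": "systemd_sigsegv", "unit": m["unit"], "signal": SIGSEGV}
    m = RUNNER_EXIT.search(line)
    if m:
        sig = exit_code_to_signal(int(m["code"]))
        if sig == SIGSEGV:
            return {"kind": "exit_code_139", "signal": sig}
    return None


def scan_for_mp4box_crashes(lines: Iterable[str]) -> List[Dict]:
    """Run classify_line over a log stream and collect the hits with their line numbers."""
    hits = []
    for n, line in enumerate(lines):
        hit = classify_line(line)
        if hit:
            hit["line_no"] = n
            hits.append(hit)
    return hits


# Constructed syslog-style sample; hostnames, PIDs and addresses are invented.
SAMPLE_LOG = [
    "Mar 14 10:02:11 media01 kernel: MP4Box[2137]: segfault at 0 ip 00007f3a1c0b2e40 sp 00007ffd2e1c4e30 error 4 in libgpac.so.10[7f3a1bf00000+4a0000]",
    "Mar 14 10:02:11 media01 systemd[1]: mp4-transcode.service: Main process exited, code=killed, status=11/SEGV",
    "Mar 14 10:03:40 media01 jobrunner[881]: job=4411 cmd=MP4Box -add upload_77.mp4 out.mp4 exit_code=139",
    "Mar 14 10:04:02 media01 jobrunner[881]: job=4412 cmd=MP4Box -info upload_78.mp4 exit_code=0",
    "Mar 14 10:05:19 media01 kernel: ffmpeg[3301]: segfault at 8 ip 000055d2c1a0f1e0 sp 00007ffc9a2b0c10 error 4 in ffmpeg[55d2c1800000+900000]",
    "Mar 14 10:06:00 media01 systemd[1]: cups.service: Main process exited, code=killed, status=11/SEGV",
]

if __name__ == "__main__":
    for hit in scan_for_mp4box_crashes(SAMPLE_LOG):
        print(hit)
```

The two non-MP4Box lines (an ffmpeg segfault and an unrelated unit) are ignored, which is the point of tying the systemd rule to a known unit list: a bare `status=11/SEGV` match would alert on every crashing daemon. A single crash is noise; several MP4Box segfaults clustered around one upload are what merit pulling the file for the structural check above.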
