Login Sign Up

CVE-2022-24575

7.8 HIGH
Remote Code Execution Denial of Service Buffer Overflow

📋 TL;DR

CVE-2022-24575 is a stack-based buffer overflow vulnerability in GPAC's MP4Box tool that allows attackers to execute arbitrary code or cause denial of service. This affects users who process untrusted MP4 files with GPAC version 1.0.1. The vulnerability can be triggered through specially crafted media files.

💻 Affected Systems

Products:
  • GPAC
  • MP4Box
Versions: GPAC 1.0.1 specifically
Operating Systems: Linux, Windows, macOS, All platforms running GPAC
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects GPAC 1.0.1 version. Earlier and later versions may have different vulnerabilities but this specific CVE is for 1.0.1.

📦 What is this software?

Gpac by Gpac

View all CVEs affecting Gpac →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the user running MP4Box, potentially leading to full system compromise.

🟠

Likely Case

Application crash (denial of service) when processing malicious files, with potential for code execution in some scenarios.

🟢

If Mitigated

Limited to denial of service if proper sandboxing or privilege separation is implemented.

🌐 Internet-Facing: MEDIUM - Requires user interaction to process malicious files, but MP4Box might be used in web services processing uploaded media.
🏢 Internal Only: MEDIUM - Internal users could be tricked into processing malicious files, but requires local access or social engineering.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in GitHub issues. Exploitation requires user to process a malicious MP4 file, which can be delivered via email, web downloads, or other file sharing methods.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GPAC 1.1.0 and later

Vendor Advisory: https://github.com/gpac/gpac/issues/2058

Restart Required: No

Instructions:

1. Upgrade GPAC to version 1.1.0 or later. 2. Download from official GPAC repository. 3. Recompile or use updated binaries. 4. Replace existing MP4Box installation.

🔧 Temporary Workarounds

Disable MP4Box processing of untrusted files

all

Restrict MP4Box usage to trusted files only and implement input validation

Run MP4Box with reduced privileges

all

Execute MP4Box in a sandboxed environment or with minimal user privileges

sudo -u nobody mp4box [options] (Linux)
runas /user:lowprivilegeuser mp4box.exe (Windows)

🧯 If You Can't Patch

  • Implement strict file upload validation for any service using MP4Box
  • Run MP4Box in containerized or virtualized environments with no network access

🔍 How to Verify

Check if Vulnerable:

Check GPAC version: mp4box -version | grep 'GPAC'

Check Version:

mp4box -version

Verify Fix Applied:

Verify version is 1.1.0 or later: mp4box -version

📡 Detection & Monitoring

Log Indicators:

  • MP4Box segmentation faults
  • Abnormal process termination of mp4box
  • Large memory allocation failures

Network Indicators:

  • Unusual file uploads to services using MP4Box
  • MP4 files with abnormal structure or size

SIEM Query:

process_name='mp4box' AND (event_id='1000' OR exit_code='0xC0000005')

📊 Metadata

CVE ID: CVE-2022-24575
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: March 14, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-24575, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)