An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.
[
{
"signature_type": "Function",
"target": {
"function": "hdlr_dump",
"file": "src/isomedia/box_dump.c"
},
"digest": {
"length": 700.0,
"function_hash": "43054822562971889790112649065050738269"
},
"id": "CVE-2018-13006-48037c0a",
"source": "https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86",
"signature_version": "v1",
"deprecated": false
},
{
"signature_type": "Line",
"target": {
"file": "src/isomedia/box_dump.c"
},
"digest": {
"line_hashes": [
"240129264460215101760777230888128164565",
"92702156625880302266939257319649640893",
"106025944208538254204216118738768950364",
"291361657713469353512677670250634893467",
"114828400390421047261539912847425380491",
"180158920246265982655196955164224034646",
"46529492494311210502089748160008866082",
"328792758787200467428256411222292138309",
"225418848381896315121417901204764322795",
"316273335466316768894293464072395772112",
"272981713739917107403282266976021755545",
"263228647726209966753406310595928825832",
"162978353272406893293034852260673864929",
"212408701237226215133420827343398066547",
"147355063569052367289533551592335104419",
"78353194541589929820848852692231624477",
"88898945021634436099969858195214715329",
"290255864161061932017116687271735605364",
"196715427663184130465026503108250380005",
"323943812714742087718554492099001672739",
"241382284308687866851092548279345156715",
"20348201306363799519440654524283513057",
"116683227579297135907438582119699371976",
"332049996018732859893380018854157529767",
"181927952357989742120082240421832220312",
"197206810468105811996021239872540502519"
],
"threshold": 0.9
},
"id": "CVE-2018-13006-6788df8b",
"source": "https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86",
"signature_version": "v1",
"deprecated": false
},
{
"signature_type": "Line",
"target": {
"file": "src/isomedia/box_code_base.c"
},
"digest": {
"line_hashes": [
"225930566936052243641962346314426053849",
"72973447274602359087766500130082130622",
"114637650171971459425082135552424725701",
"226713972853355409738971654588282762732"
],
"threshold": 0.9
},
"id": "CVE-2018-13006-754b92bd",
"source": "https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86",
"signature_version": "v1",
"deprecated": false
},
{
"signature_type": "Line",
"target": {
"file": "include/gpac/internal/isomedia_dev.h"
},
"digest": {
"line_hashes": [
"44569583039775634638106699721267891144",
"44605539196149009950683430579838645942",
"203837620228269494667698691868752906388",
"333379221623619907573134082483232062106"
],
"threshold": 0.9
},
"id": "CVE-2018-13006-ab7a5a36",
"source": "https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86",
"signature_version": "v1",
"deprecated": false
},
{
"signature_type": "Function",
"target": {
"function": "urn_Read",
"file": "src/isomedia/box_code_base.c"
},
"digest": {
"length": 1039.0,
"function_hash": "188650703219858837821397659744260795143"
},
"id": "CVE-2018-13006-ef8f3454",
"source": "https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86",
"signature_version": "v1",
"deprecated": false
}
]