### [CVE-2023-0841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0841)
![](https://img.shields.io/static/v1?label=Product&message=GPAC&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%202.3-DEV-rev40-g3602a5ded%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20Heap-based%20Buffer%20Overflow&color=brighgreen)

### Description

A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.

### POC

#### Reference
- https://github.com/advisories/GHSA-w52x-cp47-xhhw
- https://github.com/gpac/gpac/issues/2396
- https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3

#### Github
- https://github.com/DiRaltvein/memory-corruption-examples