CVE-2024-50664
Published: 23 January 2025
Summary
CVE-2024-50664 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in GPAC. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 24.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the heap buffer overflow in GPAC/MP4Box by requiring timely patching of the specific flaw in gf_isom_new_mpha_description.
- Provides memory protections like ASLR and DEP to prevent exploitation of the heap buffer overflow even if the GPAC vulnerability remains unpatched.
- Requires validation of malformed MP4 file inputs to GPAC/MP4Box to block the out-of-bounds write triggered by untrusted multimedia data.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A heap buffer overflow in the local MP4Box client enables direct arbitrary code execution via a crafted malicious file, and requires user interaction.
NVD Description
gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box.
Deeper analysis
CVE-2024-50664 is a heap buffer overflow vulnerability in GPAC version 2.4, an open-source multimedia framework. The flaw is located at isomedia/sample_descs.c:1799 in the function gf_isom_new_mpha_description within the gpac/MP4Box component. It is associated with CWE-787 (Out-of-bounds Write) and CWE-120 (Buffer Copy without Checking Size of Input).
The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A local attacker with no privileges can exploit it by tricking a user into processing a malicious file with MP4Box, so user interaction is required. Successful exploitation has high-impact consequences: through potential arbitrary code execution it can lead to unauthorized access to sensitive data, loss of system integrity, and denial of service.
Mitigation details and patches are discussed in the GitHub issue at https://github.com/gpac/gpac/issues/2988. Security practitioners should monitor this repository for updates and apply fixes promptly when available.
Details
- CWE(s)