GPAC av_parsers.c gf_av1_reset_state double free
CVE-2023-1449

7.8 HIGH

Key Information:

Vendor: Gpac

Status
Vendor
CVE Published: 17 March 2023

What is CVE-2023-1449?

A double free vulnerability has been identified in the GPAC multimedia framework, in the function gf_av1_reset_state in media_tools/av_parsers.c. The attack has to be carried out on the local host. The vulnerability has been disclosed publicly, which raises the risk for anyone running the affected versions of GPAC. Apply the recommended security patch promptly to mitigate the issue.

Affected Version(s)

GPAC 2.3-DEV-rev35-gbbca86917-master

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tmotfl (VulDB User)