GPAC av_parsers.c gf_av1_reset_state double free
CVE-2023-1449

7.8HIGH

Key Information:

Vendor

Gpac

Status
GPAC
Vendor
CVE Published:
17 March 2023

What is CVE-2023-1449?

A vulnerability affecting the GPAC multimedia framework has been identified in the function gf_av1_reset_state, located in media_tools/av_parsers.c. This issue allows for double free errors, which could potentially be exploited by attackers on a local host. The vulnerability has been made public, raising concerns for those using the affected versions of GPAC. Prompt application of the recommended security patch is crucial to mitigate this risk and ensure the integrity of the multimedia processing capabilities within the framework.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GPAC 2.3-DEV-rev35-gbbca86917-master

References

https://vuldb.com/?id.223294
vdb-entrytechnical-description
https://vuldb.com/?ctiid.223294
signaturepermissions-required
https://github.com/gpac/gpac/issues/2387
issue-tracking

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tmotfl (VulDB User)
JSON
.