NULL Pointer Dereference in gpac/gpac
CVE-2023-2840

9.8 CRITICAL

Key Information:

Vendor: Gpac

Status
Vendor
CVE Published: 22 May 2023

What is CVE-2023-2840?

GPAC contains a NULL pointer dereference vulnerability that can lead to application instability or crashes. It affects versions prior to 2.2.2, and an attacker may be able to exploit it by sending specially crafted data that the software does not handle correctly. Such vulnerabilities can compromise the integrity and reliability of applications, so updating to the latest version is essential to mitigate the risk.

Affected Version(s)

gpac/gpac < 2.2.2

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
