GPAC Use After Free Vulnerability Could Lead to Crash
CVE-2023-4679

5.5MEDIUM

Key Information:

Vendor: Gpac
Status: Gpac/gpac
Vendor: CVE Published:; 15 November 2024

What is CVE-2023-4679?

A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash.

Affected Version(s)

gpac/gpac < 2.3-DEV

References

https://huntr.com/bounties/6f721ee7-8785-4c26-801e-f40fed...

https://github.com/gpac/gpac/commit/b68b3f0bf5c366e003221...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2024
Vulnerability Reserved
Aug 31, 2023

Gpac

What is CVE-2023-4679?

Affected Version(s)

References

CVSS V3.1

Timeline