GPAC Use After Free Vulnerability Could Lead to Crash
CVE-2023-4679

5.5MEDIUM

Key Information:

Vendor: Gpac
Status: Gpac/gpac
Vendor: CVE Published:; 15 November 2024

Summary

A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash.

Affected Version(s)

gpac/gpac < 2.3-DEV

References

https://huntr.com/bounties/6f721ee7-8785-4c26-801e-f40fed...

https://github.com/gpac/gpac/commit/b68b3f0bf5c366e003221...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2024
Vulnerability Reserved
Aug 31, 2023

Collectors

NVD DatabaseMitre Database