Memory Leak Vulnerability in Gpac Media Player by Gpac
CVE-2023-48958

5.5MEDIUM

Key Information:

Vendor: Gpac
Status: Gpac
Vendor: CVE Published:; 7 December 2023

What is CVE-2023-48958?

The Gpac Media Player has a vulnerability where memory leaks occur within the mpd.c module. Specifically, in the gf_mpd_resolve_url function, improper management of memory can lead to unintended memory retention. This can potentially allow an attacker to exploit the vulnerability through crafted media inputs, leading to degraded system performance or crashes. It is advisable for users and administrators to assess their implementation and apply necessary mitigations.

References

https://github.com/gpac/gpac/issues/2689

https://gist.github.com/dr0v/1204f7a5f1e1497e7bca066638ac...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2023
Vulnerability Reserved
Nov 20, 2023