CVE-2022-36190Use After Free in Gpac

CWE-416Use After Free4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 67.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GpacDebian Gpac
Timeline
PublishedAug 17
Latest updateAug 18

Description

GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDgpac/gpac< 2.2.0
debiandebian/gpac< gpac 1.0.1+dfsg1-4+deb11u2 (bullseye)
Debiangpac/gpac< 1.0.1+dfsg1-4+deb11u2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-h6jp-7q5x-g3xx: GPAC mp4box 22022-08-18
OSV
CVE-2022-36190: GPAC mp4box 22022-08-17

📋Vendor Advisories

1
Debian
CVE-2022-36190: gpac - GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in func...2022
CVE-2022-36190 — Use After Free in Gpac | cvebase