CVE-2022-3957 — Improper Resource Shutdown or Release in Gpac

CWE-404 — Improper Resource Shutdown or Release CWE-401 — Missing Release of Memory after Effective Lifetime4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 76.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gpac Debian Gpac

Timeline

PublishedNov 11

Description

A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDgpac/gpac< 2.2.0

▶debiandebian/gpac< gpac 1.0.1+dfsg1-4+deb11u2 (bullseye)

▶Debiangpac/gpac< 1.0.1+dfsg1-4+deb11u2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9hxm-qqg6-q8f9: A vulnerability classified as problematic was found in GPAC↗2022-11-11

▶

OSV

CVE-2022-3957: A vulnerability classified as problematic was found in GPAC↗2022-11-11

▶

📋Vendor Advisories

Debian

CVE-2022-3957: gpac - A vulnerability classified as problematic was found in GPAC. Affected by this vu...↗2022

▶