CVE-2022-4202 — Gpac vulnerability

CWE-1894 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 70.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gpac Debian Gpac

Timeline

PublishedNov 29

Description

A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/gpac< gpac 1.0.1+dfsg1-4+deb11u2 (bullseye)

▶Debiangpac/gpac< 1.0.1+dfsg1-4+deb11u2

▶NVDgpac/gpac2.1-dev-rev490-g68064e101-master

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9c76-9w8w-mhgx: A vulnerability, which was classified as problematic, was found in GPAC 2↗2022-11-29

▶

OSV

CVE-2022-4202: A vulnerability, which was classified as problematic, was found in GPAC 2↗2022-11-29

▶

📋Vendor Advisories

Debian

CVE-2022-4202: gpac - A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-...↗2022

▶