CVE-2023-4679Use After Free in Gpac

CWE-416Use After Free4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 87.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Gpac GpacGpacDebian Gpac
Timeline
PublishedNov 15

Description

A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5gpac/gpac_gpacunspecified2.3-DEV
NVDgpac/gpac2.3.0-dev
debiandebian/gpac

Patches

Patch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-6c8p-ghf2-886r: A use after free vulnerability exists in GPAC version 22024-11-15
OSV
CVE-2023-4679: A use after free vulnerability exists in GPAC version 22024-11-15

📋Vendor Advisories

1
Debian
CVE-2023-4679: gpac - A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specif...2023
CVE-2023-4679 — Use After Free in Gpac Gpac | cvebase