Lucene search

K
cveMitreCVE-2023-39562
HistoryAug 28, 2023 - 7:15 p.m.

CVE-2023-39562

2023-08-2819:15:07
CWE-416
mitre
web.nvd.nist.gov
23
cve-2023
gpac
dos
heap-use-after-free
bitstream.c
nvd
security vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.8%

GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.

Affected configurations

Nvd
Node
gpacgpacMatch2.32.3-dev-rev449-g5948e4f70-master
VendorProductVersionCPE
gpacgpac2.3cpe:2.3:a:gpac:gpac:2.3:2.3-dev-rev449-g5948e4f70-master:*:*:*:*:*:*

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.8%