CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
19.8%
GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a
heap-use-after-free via the gf_bs_align function at bitstream.c. This
vulnerability allows attackers to cause a Denial of Service (DoS) via
supplying a crafted file.
github.com/ChanStormstout/Pocs/blob/master/gpac_POC/id%3A000000%2Csig%3A06%2Csrc%3A003771%2Ctime%3A328254%2Cexecs%3A120473%2Cop%3Ahavoc%2Crep%3A8
github.com/gpac/gpac/issues/2537
launchpad.net/bugs/cve/CVE-2023-39562
nvd.nist.gov/vuln/detail/CVE-2023-39562
security-tracker.debian.org/tracker/CVE-2023-39562
www.cve.org/CVERecord?id=CVE-2023-39562