PT-2022-26208 · Gpac · Gpac

Ajakko

Published

2022-11-29

Updated

2023-05-27

CVE-2022-4202

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GPAC version 2.1-DEV-rev490-g68064e101-master

Description A problematic vulnerability was found in GPAC, affecting the function lsr translate coords of the file laser/lsr dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations To fix this issue, it is recommended to apply a patch, specifically the patch b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. As a temporary workaround, consider disabling the lsr translate coords function until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2022-4202

DSA-5411-1

Affected Products

Gpac

PT-2022-26208 · Gpac · Gpac

CVE-2022-4202

Weakness Enumeration

Related Identifiers

Affected Products

References · 18