PT-2023-5554 · Gpac+2 · Gpac+2
Xiaoxiaoafeifei
·
Published
2023-09-11
·
Updated
2023-09-26
·
CVE-2023-41000
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
GPAC versions through 2.2.1
Description
The issue is related to the incorrect use of dynamic memory in the
gf bifs flush command list function of the GPAC multimedia platform. This can lead to a denial of service when exploited. The vulnerability is a use-after-free issue in the gf bifs flush command list function located in bifs/memory decoder.c.Recommendations
For GPAC versions through 2.2.1, update to a version that fixes the use-after-free vulnerability in the
gf bifs flush command list function. As a temporary workaround, consider restricting access to the gf bifs flush command list function until a patch is available.Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Gpac
Red Os