CVE-2023-48011

Name of the Vulnerable Software and Affected Versions GPAC version 2.3-DEV-rev566-g50c2ab06f-master

Description The issue is related to a heap-use-after-free via the flush ref samples function at /gpac/src/isomedia/movie fragments.c. This is associated with incorrect dynamic memory usage during program execution. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. It can also lead to a denial of service when exploited remotely.

Recommendations For GPAC version 2.3-DEV-rev566-g50c2ab06f-master, as a temporary workaround, consider disabling the flush ref samples function until a patch is available. Restrict access to the /gpac/src/isomedia/movie fragments.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.