CVE-2023-48014

Name of the Vulnerable Software and Affected Versions GPAC version 2.3-DEV-rev566-g50c2ab06f-master

Description The issue is related to a stack overflow in the hevc parse vps extension function, located in the media tools/av parsers.c file. This is caused by incorrect use of dynamic memory during program execution. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. It can also be exploited remotely to cause a denial of service.

Recommendations As a temporary workaround, consider disabling the hevc parse vps extension function until a patch is available. Restrict access to the media tools/av parsers.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.