CVE-2023-39562
MEDIUM
GPAC v2.3-DEV-rev449-g5948e4f70-master - Use-After-Free in gf_bs_align Function
Title source: llm
Description
GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
References (2)
Core References
Third Party Advisory
https://github.com/ChanStormstout/Pocs/blob/master/gpac_POC/id%3A000000%2Csig%3A06%2Csrc%3A003771%2Ctime%3A328254%2Cexecs%3A120473%2Cop%3Ahavoc%2Crep%3A8
Exploit, Issue Tracking
https://github.com/gpac/gpac/issues/2537
Scores
CVSS v3: 5.5
EPSS: 0.0002
EPSS Percentile: 5.5%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-416
Status: published
Products (1)
gpac/gpac
2.3 2.3-dev-rev449-g5948e4f70-master
Published: Aug 28, 2023
Tracked Since: Feb 18, 2026