CVE-2023-4683

MEDIUM

gpac < 2.3-dev - NULL Pointer Dereference

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-4683. PoCs published by Songg45.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2023-4683, a heap-buffer-overflow vulnerability in libwebp. It includes pre-crafted malicious WebP files and a setup script to compile a vulnerable version of libwebp with AddressSanitizer for testing.

Description

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.

Exploits (1)

nomisec WORKING POC 1 stars

by Songg45 · poc

https://github.com/Songg45/CVE-2023-4683-Test

View Code ZIP pw:eip

This repository contains a functional PoC for CVE-2023-4683, a heap-buffer-overflow vulnerability in libwebp. It includes pre-crafted malicious WebP files and a setup script to compile a vulnerable version of libwebp with AddressSanitizer for testing.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: libwebp (commit 7ba44f80f3b94fc0138db159afea770ef06532a0)

No auth needed

Prerequisites: Vulnerable version of libwebp · Ability to process crafted WebP files

MITRE ATT&CK

T1211 - Exploitation for Defense Evasion

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Patch

https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec

Exploit, Third Party Advisory

https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922

Scores

CVSS v3 5.5

EPSS 0.0030

EPSS Percentile 21.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (1)

gpac/gpac < 2.3-dev

Published Aug 31, 2023

Tracked Since Feb 18, 2026