Vulnerability Details : CVE-2023-1449
A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223294 is the identifier assigned to this vulnerability.
Vulnerability category: Memory Corruption
Products affected by CVE-2023-1449
- cpe:2.3:a:gpac:gpac:2.3:dev:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-1449
- 0.09%: Probability of exploitation activity in the next 30 days
- ~38%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-1449
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:L/AC:L/Au:S/C:P/I:P/A:P | 3.1 | 6.4 | VulDB | |
5.3 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 | VulDB | |
5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 | VulDB | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2023-1449
- The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. Assigned by: cna@vuldb.com (Primary)
References for CVE-2023-1449
- https://www.debian.org/security/2023/dsa-5411
  Debian -- Security Information -- DSA-5411-1 gpac
- https://vuldb.com/?id.223294
  Login required (Third Party Advisory; VDB Entry)
- https://github.com/gpac/gpac/issues/2387
  Double free in gf_av1_reset_state media_tools/av_parsers.c:4024 · Issue #2387 · gpac/gpac · GitHub (Exploit; Issue Tracking; Patch; Third Party Advisory)
- https://vuldb.com/?ctiid.223294
  Login required (Permissions Required; Third Party Advisory; VDB Entry)
- https://github.com/xxy1126/Vuln/blob/main/gpac/2
  Vuln/2 at main · xxy1126/Vuln · GitHub (Exploit)