CVE-2023-39562

GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.

Published: Aug 28, 2023
Updated: Sep 2, 2023
CVE: CVE-2023-39562
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
gpac / gpac	2.3-2.3-dev-rev449-g5948e4f70-master	2.3-2.3-dev-rev449-g5948e4f70-master.x

https://github.com/ChanStormstout/Pocs/blob/master/gpac_POC/id%3A000000%2Csig%3A06%2Csrc%3A003771%2Ctime%3A328254%2Cexecs%3A120473%2Cop%3Ahavoc%2Crep%3A8
https://github.com/gpac/gpac/issues/2537

Vulnerability Database

290,206

CVE-2023-39562