CVE-2023-1449

A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223294 is the identifier assigned to this vulnerability.

CVSS v3 7.8 HIGH
CVSS v2.0 4.3 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 3.1 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/gpac/gpac/issues/2387	Exploit Issue Tracking Patch Third Party Advisory
https://github.com/xxy1126/Vuln/blob/main/gpac/2	Exploit
https://vuldb.com/?ctiid.223294	Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.223294	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:gpac:gpac:2.3:dev:*:*:*:*:*:*

History

07 Nov 2023, 04:03

Type	Values Removed	Values Added
CWE		CWE-415

21 Oct 2023, 09:15

Type	Values Removed	Values Added
References	~~{'url': 'https://www.debian.org/security/2023/dsa-5411', 'name': 'https://www.debian.org/security/2023/dsa-5411', 'tags': [], 'refsource': 'MISC'}~~
CWE	~~CWE-415~~

27 May 2023, 04:15

Type	Values Removed	Values Added
References		(MISC) https://www.debian.org/security/2023/dsa-5411 -

Information

Published : 2023-03-17 07:15

Updated : 2024-05-17 02:18

NVD link : CVE-2023-1449

Mitre link : CVE-2023-1449

CVE.ORG link : CVE-2023-1449

JSON object : View

Products Affected

gpac

gpac

CWE

CWE-415

Double Free

{"id": "CVE-2023-1449", "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}]}, "published": "2023-03-17T07:15:12.347", "references": [{"url": "https://github.com/gpac/gpac/issues/2387", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://github.com/xxy1126/Vuln/blob/main/gpac/2", "tags": ["Exploit"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.223294", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.223294", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-415"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223294 is the identifier assigned to this vulnerability."}], "lastModified": "2024-05-17T02:18:06.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gpac:gpac:2.3:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0099B624-674B-4F45-9270-DD638617A1D1"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}