The vulnerability of the svg_parse_preserveaspectratio() function in the SVG Parser component of the GPAC multimedia platform allows a attacker to trigger a service failure.

🗓️ 23 Nov 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

SVG Parser vulnerability in the GPAC platform may cause service failure from improper resource cleanup.

Reporter	Title	Published	Views	Family All 165
Circl	CVE-2022-3957	13 Nov 202205:55	–	circl
CNNVD	GPAC 安全漏洞	11 Nov 202200:00	–	cnnvd
CVE	CVE-2022-3957	11 Nov 202200:00	–	cve
Cvelist	CVE-2022-3957 GPAC SVG Parser svg_attributes.c svg_parse_preserveaspectratio memory leak	11 Nov 202200:00	–	cvelist
Debian	[SECURITY] [DSA 5411-1] gpac security update	26 May 202314:00	–	debian
Debian CVE	CVE-2022-3957	11 Nov 202200:00	–	debiancve
Tenable Nessus	Debian DSA-5411-1 : gpac - security update	27 May 202300:00	–	nessus
Tenable Nessus	GLSA-202408-21 : GPAC: Multiple Vulnerabilities	10 Aug 202400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2022-3957	30 Aug 202500:00	–	nessus
EUVD	EUVD-2022-43290	3 Oct 202520:07	–	euvd

Source	Link
redos	www.redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-gpac-cve-2022-3957/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-3957
github	www.github.com/gpac/gpac/commit/2191e66aa7df750e8ef01781b1930bea87b713bb
vuldb	www.vuldb.com/
motionspell	www.motionspell.com/2022/11/08/gpac-netflix-press-release/
gpac	www.gpac.wp.imt.fr/2022/11/08/press-release-motion-spell-deploys-gpac-open-source-software-with-netflix/
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.11/
web	www.web.nvd.nist.gov/view/vuln/detail

26 Aug 2024 00:00Current

7High risk

Vulners AI Score7

CVSS 36.5

CVSS 27.8

EPSS0.01038

SVG Parser GPAC platform Resource cleanup Service failure