CVE-2022-3957

2022-11-1116:15:16

CWE-404

CWE-401

[email protected]

web.nvd.nist.gov

gpac

vulnerability

svg_parse_preserveaspectratio

svg parser

memory leak

remote attack

patch

2191e66aa7df750e8ef01781b1930bea87b713bb

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

JSON

A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.

Affected configurations

NVD

Node

gpacgpacRange<2.2.0

CPENameOperatorVersion
gpac:gpacgpaclt2.2.0

CPE	Name	Operator	Version
gpac:gpac	gpac	lt	2.2.0

CNA Affected

[
  {
    "vendor": "unspecified",
    "product": "GPAC",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]