Lucene search

GoogleOSV:CVE-2022-3957

HistoryNov 11, 2022 - 4:15 p.m.

CVE-2022-3957

2022-11-1116:15:16

Google

osv.dev

gpac

svg parser

memory leak

remote attack

patch

vdb-213463

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

JSON

A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.

CPENameOperatorVersion
gpaceq1.0.0
gpaceq0.9.0
gpaceq2.0.0
gpaceq0.6.1
gpaceq0.7.1
gpaceq0.6.0
gpaceq0.5.2
gpaceq1.0.1
gpaceq0.7.0
gpaceq0.8.0

Name	Operator	Version
gpac	eq	1.0.0
gpac	eq	0.9.0
gpac	eq	2.0.0
gpac	eq	0.6.1
gpac	eq	0.7.1
gpac	eq	0.6.0
gpac	eq	0.5.2
gpac	eq	1.0.1
gpac	eq	0.7.0
gpac	eq	0.8.0

Rows per page:

1-10 of 111

References

github.com/gpac/gpac/commit/2191e66aa7df750e8ef01781b1930bea87b713bb

vuldb.com/?id.213463

www.debian.org/security/2023/dsa-5411

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

JSON

Related for OSV:CVE-2022-3957