6.5
CVE-2022-3957
- EPSS 0.94%
- Veröffentlicht 11.11.2022 16:15:16
- Zuletzt bearbeitet 21.11.2024 07:20:36
- CVE-Watchlists
- Unerledigt
GPAC SVG Parser svg_attributes.c svg_parse_preserveaspectratio memory leak
A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.94% | 0.561 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| cna@vuldb.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
CWE-404 Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.
https://www.debian.org/security/2023/dsa-5411
https://github.com/gpac/gpac/commit/2191e66aa7df750e8ef01781b1930bea87b713bb
https://vuldb.com/?id.213463