CVE-2022-3957

A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.

Weakness 

The product does not release or incorrectly releases a resource before it is made available for re-use.

Affected Software 

Potential Mitigations 

• Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
• For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.

Related Attack Patterns 

• https://cwe.mitre.org/data/definitions/125.html
• https://cwe.mitre.org/data/definitions/130.html
• https://cwe.mitre.org/data/definitions/131.html
• https://cwe.mitre.org/data/definitions/494.html
• https://cwe.mitre.org/data/definitions/495.html
• https://cwe.mitre.org/data/definitions/496.html
• https://cwe.mitre.org/data/definitions/666.html

References  

• https://github.com/gpac/gpac/commit/2191e66aa7df750e8ef01781b1930bea87b713bb
• https://vuldb.com/?id.213463
• https://www.debian.org/security/2023/dsa-5411
• https://github.com/gpac/gpac/commit/2191e66aa7df750e8ef01781b1930bea87b713bb
• https://vuldb.com/?id.213463
• https://www.debian.org/security/2023/dsa-5411