CVE Vulnerabilities

CVE-2023-4720

Floating Point Comparison with Incorrect Operator

Published: Sep 01, 2023 | Modified: Sep 06, 2023
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.

Weakness

The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision.

Affected Software

Name Vendor Start Version End Version
Gpac Gpac * 2.3-dev (excluding)
Gpac Ubuntu bionic *
Gpac Ubuntu lunar *
Gpac Ubuntu trusty *
Gpac Ubuntu xenial *

Extended Description

Numeric calculation using floating point values can generate imprecise results because of rounding errors. As a result, two different calculations might generate numbers that are mathematically equal, but have slightly different bit representations that do not translate to the same mathematically-equal values. As a result, an equality test or other comparison might produce unexpected results. This issue can prevent the product from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.

References