Cyber Resilience

CVE-2022-4202

Medium · Public PoC

Published: 29 November 2022

Modified: 21 November 2024
CVSS Score v3.1: 6.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
EPSS Score: 0.0060 (70.1th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-4202 is a medium-severity vulnerability in GPAC with an unspecified weakness type. Its CVSS base score is 6.3 (Medium).

Operationally, it is ranked in the top 29.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this vulnerability.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: gpac
Product: gpac
Version: 2.1-dev-rev490-g68064e101-master

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
