{"id":"CVE-2022-2453","summary":"Use After Free in gpac/gpac","details":"Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.","modified":"2026-04-02T07:49:47.710245Z","published":"2022-07-19T13:30:35Z","database_specific":{"cna_assigner":"@huntrdev","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2453.json","cwe_ids":["CWE-416"]},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/c8c964de-046a-41b2-9ff5-e25cfdb36b5a"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2453.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2453"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/dc7de8d3d604426c7a6e628d90cb9fb88e7b4c2c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"last_affected":"418db4149af78773815b5f6a7030a120037ba140"},{"fixed":"dc7de8d3d604426c7a6e628d90cb9fb88e7b4c2c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.0"}]}}],"versions":["v0.5.2","v0.6.0","v0.6.1","v0.7.0","v0.7.1","v0.8.0","v0.8.1","v0.9.0","v0.9.0-preview","v1.0.0","v1.0.1","v2.0.0"],"database_specific":{"vanir_signatures":[{"digest":{"length":1987,"function_hash":"71903033697372001425531957730357181933"},"deprecated":false,"signature_version":"v1","target":{"file":"src/bifs/field_decode.c","function":"BD_DecMFFieldVec"},"id":"CVE-2022-2453-62e59b98","source":"https://github.com/gpac/gpac/commit/dc7de8d3d604426c7a6e628d90cb9fb88e7b4c2c","signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["281989440573558786782329138257647261199","255712746881161000166661983306439513854","289378296873337130798050131575012526448","82759689489477924745610401019832498926","95318937507613805638865550723019520936","113302760028463781095810160303110883548","186914824087362541243956508444581725902","237657106869882900034179344929628003706","97352766075978722674822097948319038503","16456366249434553653176951856431372435","215737759893469369304542875573276216060","96261695402619030935903866555067582532","239540025691497965050776858944448866592","142493591381315899286683463792550111404","105759714308785978993276225306430661866","96781765287920196348156344161234929174","77405988981525582611359985159984794685","285910613239824661881427227245731536559","273556490739453168564717070785102297532","296928145658827020203344561956002233198","226170251205681220540009008551911811013","321738737775789289693590007157484948513","210667157040323632220986183398834011042","157859387482137229192579101840468548104","47995569089838679228249560784460182855","208968523793153711194337159855627210318","52014606928165074710019081975251868332","60414627623424457045931733597615152237","317761914374869405839157009462160743010","40313201213543189697696190143524120372","189629107543392035404580764891002644912","191345922998862014970548970050210484614","301693501841221659488904160081018531272","161242935720428334045628083152178776178","15337165939809186252837195393179426714","83855219952172348760244571671865121747","266137984902407596692249464292748798215","61345722376981000432724075627533111336","299080524103467191233242418656482529009","264320836546916293109932013314879300342","191090359217837398391759641117539293033","37427024301355133879457482984109349310","39069810413270497525142166610219334790","212631642382836070397389840751985938475","233642629282064297757262609805715421977","264319504159191008964678352055434946841","106632530806868060607079246373544417628"]},"deprecated":false,"signature_version":"v1","target":{"file":"src/bifs/field_decode.c"},"id":"CVE-2022-2453-dff0ed21","source":"https://github.com/gpac/gpac/commit/dc7de8d3d604426c7a6e628d90cb9fb88e7b4c2c","signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2453.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}