CVE-2023-4720 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
@huntrdev	CNA	4 MEDIUM	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Vendor	Product	Version
gpac	gpac	𝑥 < 2.3-dev

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

gpac

bullseye (security)	vulnerable
bullseye	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

gpac

oracular	dne
noble	needs-triage
mantic	dne
lunar	ignored
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	ignored

Known Exploits!

Common Weakness Enumeration

CWE-1077 - Floating Point Comparison with Incorrect Operator
The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision.

References

https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a

https://huntr.dev/bounties/1dc2954c-8497-49fa-b2af-113e1e9381ad

https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a

https://huntr.dev/bounties/1dc2954c-8497-49fa-b2af-113e1e9381ad