CVE-2022-1795

9.8 CRITICAL

📋 TL;DR

CVE-2022-1795 is a use-after-free vulnerability in the GPAC multimedia framework that allows attackers to execute arbitrary code or cause a denial of service. It affects systems running GPAC versions prior to v2.1.0-DEV. Users who process untrusted multimedia files are at risk.

💻 Affected Systems

Products:
  • GPAC (GPAC Project on Advanced Content)
Versions: All versions prior to v2.1.0-DEV
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using GPAC libraries or tools to process multimedia files is affected.

⚠️ Risk & Real-World Impact

Worst Case

Remote code execution with the privileges of the GPAC process, potentially leading to full system compromise.

Likely Case

Application crash (denial of service) when processing malicious multimedia files.

If Mitigated

Limited impact if proper sandboxing and privilege separation are implemented.

🌐 Internet-Facing: HIGH if GPAC is exposed to untrusted file uploads or processing.
🏢 Internal Only: MEDIUM for internal systems processing user-uploaded content.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires processing a specially crafted multimedia file. Proof-of-concept code is available in public repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.1.0-DEV and later

Vendor Advisory: https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514

Restart Required: Yes

Instructions:

1. Update GPAC to version 2.1.0-DEV or later.
2. Rebuild any applications using GPAC libraries.
3. Restart affected services.

🔧 Temporary Workarounds

Disable vulnerable parsers (all platforms)

Disable or restrict access to multimedia file processing features in GPAC.

# Configure GPAC to disable specific codecs or parsers if possible

Sandbox execution (Linux)

Run GPAC in a sandboxed environment with limited privileges.

# Use containerization (Docker) with minimal privileges
# Example: docker run --read-only --cap-drop=ALL gpac_container

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for multimedia files.
  • Deploy network segmentation and restrict GPAC access to trusted sources only.

🔍 How to Verify

Check if Vulnerable:

Check GPAC version with 'gpac -version' or examine installed package version.

Check Version:

gpac -version 2>&1 | head -1

Verify Fix Applied:

Confirm version is 2.1.0-DEV or later and test with known safe multimedia files.
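
The version check above, wrapped in a function that classifies a banner line against the fixed version this page names. This is an added example, not code from the GPAC project: the function name `gpac_fix_status` is hypothetical, the sample banners are constructed, and the banner layout is an assumption.

```shell
#!/bin/sh
# Added example: classify a GPAC version banner against the fixed version
# named on this page (2.1.0-DEV). The banner layout is an assumption.
FIXED_MAJOR=2; FIXED_MINOR=1; FIXED_PATCH=0

# Prints "patched", "vulnerable" or "unknown" for one banner line.
gpac_fix_status() {
    banner=$1
    # First dotted number in the line, e.g. "2.0", "2.1" or "1.0.1".
    ver=$(printf '%s\n' "$banner" | grep -Eo '[0-9]+\.[0-9]+(\.[0-9]+)?' | head -n 1)
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    # Split on dots; a missing patch component counts as 0 (2.1 == 2.1.0).
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=$1; minor=$2; patch=${3:-0}
    # Compare numerically, field by field (so 2.10 sorts after 2.9).
    if [ "$major" -gt "$FIXED_MAJOR" ]; then echo patched
    elif [ "$major" -lt "$FIXED_MAJOR" ]; then echo vulnerable
    elif [ "$minor" -gt "$FIXED_MINOR" ]; then echo patched
    elif [ "$minor" -lt "$FIXED_MINOR" ]; then echo vulnerable
    elif [ "$patch" -ge "$FIXED_PATCH" ]; then echo patched
    else echo vulnerable
    fi
}

# Constructed sample banners (not captured from a real build).
for sample in \
    "gpac - version 2.0-rev0-gabcdef0-master" \
    "gpac - version 2.1-DEV-rev12-g0123456-master" \
    "MP4Box - GPAC version 1.0.1" \
    "command not found"
do
    printf '%-48s %s\n' "$sample" "$(gpac_fix_status "$sample")"
done

# On a host with GPAC installed, classify the live binary the same way.
if command -v gpac >/dev/null 2>&1; then
    gpac_fix_status "$(gpac -version 2>&1 | head -1)"
fi
```

An "unknown" result means no version number was found in the output, which should be treated as unverified rather than as fixed.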

📡 Detection & Monitoring

Log Indicators:

  • GPAC process crashes
  • Memory access violation errors in system logs

Network Indicators:

  • Unusual outbound connections from GPAC process

SIEM Query:

(process:gpac AND (event_id:1000 OR event_id:1001)) OR process_crash:gpac
