CVE-2023-4755: 
NixOS vulnerability analysis and mitigation

A Use After Free vulnerability was discovered in GitHub repository gpac/gpac prior to version 2.3-DEV. The vulnerability was assigned CVE-2023-4755 and was reported on September 4, 2023. The vulnerability affects the GPAC software package (NVD, CVE).

The vulnerability is classified as CWE-416 (Use After Free). According to the CVSS 3.1 scoring, it has a base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. An alternative assessment from huntr.dev rated it with a CVSS 3.0 score of 5.3 (MEDIUM) with vector string CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (NVD).

Based on the CVSS scoring and vector strings, the vulnerability primarily affects the availability of the system when exploited, with no direct impact on confidentiality or integrity according to the NVD assessment. The vulnerability requires local access and user interaction to be exploited (NVD).

A patch has been released to address this vulnerability. Users should upgrade to GPAC version 2.3-DEV or later. The fix is documented in the GitHub commit 895ac12da168435eb8db3f96978ffa4c69d66c3a (GitHub Patch).