CVE-2023-48090: 
NixOS vulnerability analysis and mitigation

GPAC 2.3-DEV-rev617-g671976fcc-master was identified with a memory leak vulnerability (CVE-2023-48090) in the extractattributes function located in mediatools/m3u8.c at line 329. The vulnerability was discovered and reported on November 7, 2023 (GitHub Issue).

The vulnerability is characterized by direct and indirect memory leaks in the extract_attributes function. According to the analysis, there is a direct leak of 120 bytes in one object and an indirect leak of 11 bytes in another object, totaling 131 bytes of leaked memory. The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H (NVD).

The memory leaks can lead to program performance degradation, system crashes, or unpredictable behavior. The CVSS scoring indicates high impacts on integrity and availability of the system, though there is no direct impact on confidentiality (GitHub Issue).

As of the latest reports, the vulnerability remains active in the affected version. Users should monitor for updates from the GPAC project for patches addressing this issue (Debian Tracker).