-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability description and the commit message explicitly state that the rkmpp_retrieve_frame function in libavcodec/rkmppdec.c is affected by a double-free vulnerability. The provided patch, obtained via get_commit_infos, modifies this function to correct the error handling that led to the double free. Specifically, the patch adds a call to av_frame_unref(frame) before returning an error in a case where frame->hw_frames_ctx allocation fails. This ensures that resources held by frame (which may have been allocated to frame->buf[0] prior to this check, as per the commit message) are properly released once, preventing them from being freed again by other cleanup mechanisms or when frame is unreferenced later, which was the cause of the double free.
Ongoing coverage of React2Shell