CVE-2018-21015

gpac/gpac

on github

Published

September 16, 2019

Severity

CVSS v3:

6.5 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.

References

https://github.com/gpac/gpac/issues/1179
https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:gpac:gpac:0.7.1:::::::*	n/a	n/a	0.7.1
cpe:2.3:o:debian:debian_linux:8.0:::::::*	n/a	n/a	8.0

External Links

NVD - CVE-2018-21015