CVE-2021-28300

gpac/gpac

on github

Published

April 14, 2021

Severity

CVSS v3:

9.8 CRITICAL

CVSS v2:

7.5 HIGH

Description

NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.

References

https://github.com/gpac/gpac/issues/1702

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:gpac:gpac:0.5.2:::::::*	n/a	n/a	0.5.2

External Links

NVD - CVE-2021-28300