CVE-2021-40592

gpac/gpac

on github

Published

June 8, 2022

Severity

CVSS v3:

5.5 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.

References

https://github.com/gpac/gpac/issues/1876
https://github.com/gpac/gpac/commit/71460d72ec07df766dab0a4d52687529f3efcf0a
https://www.debian.org/security/2023/dsa-5411

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:gpac:gpac::::::::	n/a	1.0.1	*

External Links

NVD - CVE-2021-40592