Hu1Y40

**Name of the Vulnerable Software and Affected Versions** MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master **Description** The issue is related to an infinite loop in the `av1 uvlc` function at `media tools/av parsers.c`. This allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. **Recommendations** For MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master, consider disabling the `av1 uvlc` function as a temporary workaround until a patch is available. Restrict access to crafted MP4 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHZ76 RtspServer version 1.0.0 **Description** A critical issue was found in the `ParseRequestLine` function of the `RtspMesaage.cpp` file, leading to a stack-based buffer overflow. This issue can be exploited remotely. The exploit has been disclosed publicly. The vendor was contacted about this issue but did not respond. **Recommendations** For PHZ76 RtspServer version 1.0.0, as a temporary workaround, consider disabling the `ParseRequestLine` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.