CVE-2018-21015

Name of the Vulnerable Software and Affected Versions GPAC version 0.7.1

Description The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a crafted file. This occurs because the cfg variable could be NULL when the line cfg new->AVCLevelIndication = cfg->AVCLevelIndication; is executed in the AVC DuplicateConfig() function at isomedia/avc ext.c.

Recommendations For GPAC version 0.7.1, consider adding a NULL check for the cfg variable before accessing its members in the AVC DuplicateConfig() function to prevent the NULL pointer dereference.