PT-2020-12692 · Gpac · Gpac
Strongcourage · Published 2020-04-05 · Updated 2020-04-06 · CVE-2020-11558
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GPAC version 0.8.0
Description
An issue in libgpac.a, as demonstrated by MP4Box, leads to improper decision-making in audio_sample_entry_Read in isomedia/box_code_base.c regarding gf_isom_box_del calls. This results in use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes.
Recommendations
For GPAC version 0.8.0, consider disabling the audio_sample_entry_Read function in isomedia/box_code_base.c as a temporary workaround until a patch is available. Restrict access to the libgpac.a library to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
Affected Products
Gpac