PT-2021-11890 · Gpac · Gpac
Clingto
+4
·
Published
2021-04-21
·
Updated
2021-04-23
·
CVE-2020-35979
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
GPAC versions 0.8.0 through 1.0.1
Description:
A heap-based buffer overflow issue exists in the
gp rtp builder do avc() function, located in the ietf/rtp pck mpeg4.c file.Recommendations:
For GPAC version 0.8.0, update to a version that fixes the issue.
For GPAC version 1.0.1, update to a version that fixes the issue.
As a temporary workaround, consider disabling the
gp rtp builder do avc() function until a patch is available.Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gpac