PT-2021-18574 · Gpac · Gpac
Treebacker · Published 2021-04-19 · Updated 2021-04-21 · CVE-2021-30022
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
GPAC version 1.0.1
Description
The issue is caused by an integer overflow in the `gf_avc_read_pps_bs_internal` function in `media_tools/av_parsers.c`. This occurs because `pps_id` can be a negative number, leading to an overflow since `avc->pps` only has 255 units, resulting in a crash.
Recommendations
For GPAC version 1.0.1, as a temporary workaround, consider disabling the `gf_avc_read_pps_bs_internal` function until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Integer Overflow
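The range check that the Description shows to be missing, as an added example in C that is not GPAC's code: a simplified model of a 255-slot table indexed by a signed id, with an upper-bound-only test beside a complete one. The struct and function names (`parser_state`, `pps_slot`, `record_pps`) are hypothetical and the sample ids are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define PPS_SLOTS 255 /* table size given in the advisory text */

/* Hypothetical stand-ins for the parser state; not GPAC's own structs. */
typedef struct { int32_t id; int32_t sps_id; int in_use; } pps_entry;
typedef struct { pps_entry pps[PPS_SLOTS]; } parser_state;

/* Incomplete check: tests only the upper bound, so a negative signed
 * id is accepted and would index memory before the table. */
int upper_bound_only(int32_t pps_id) {
    return pps_id < PPS_SLOTS;
}

/* Complete check: one unsigned comparison rejects both negative ids
 * (which become huge values after the cast) and ids >= PPS_SLOTS. */
int pps_id_valid(int32_t pps_id) {
    return (uint32_t)pps_id < (uint32_t)PPS_SLOTS;
}

/* Return the table slot for pps_id, or NULL when the id is out of range. */
pps_entry *pps_slot(parser_state *st, int32_t pps_id) {
    return pps_id_valid(pps_id) ? &st->pps[pps_id] : NULL;
}

/* Model of "parse an id, then fill its slot": returns the id stored,
 * or -1 when the id is rejected before any table access. */
int32_t record_pps(parser_state *st, int32_t pps_id, int32_t sps_id) {
    pps_entry *e = pps_slot(st, pps_id);
    if (e == NULL)
        return -1;
    e->id = pps_id;
    e->sps_id = sps_id;
    e->in_use = 1;
    return pps_id;
}

int main(void) {
    static parser_state st; /* zero-initialised */
    const int32_t ids[] = { 0, 254, 255, -1, INT32_MIN }; /* constructed */
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++)
        printf("pps_id=%ld upper_bound_only=%d stored=%ld\n", (long)ids[i],
               upper_bound_only(ids[i]), (long)record_pps(&st, ids[i], 0));
    return 0;
}
```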
Weakness Enumeration
Related Identifiers
Affected Products
Gpac