PT-2021-6487 · Gpac+1 · Gpac+1

Strongcourage

Published

2021-07-21

Updated

2021-07-31

CVE-2020-19488

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Gpac MP4Box version 0.8.0

Description The issue is related to an invalid read in the ilst item Read function, located in the box code apple.c component of the GPAC multimedia platform. This can lead to a Denial of Service. The vulnerability is associated with pointer dereference errors. An attacker can exploit this vulnerability to cause a disruption in service.

Recommendations For Gpac MP4Box version 0.8.0, consider disabling the ilst item Read function as a temporary workaround until a patch is available. Restrict access to the box code apple.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2022-01737

CVE-2020-19488

Affected Products

Gpac

Mp4Box

PT-2021-6487 · Gpac+1 · Gpac+1

CVE-2020-19488

Weakness Enumeration

Related Identifiers

Affected Products

References · 10