PT-2022-11270 · Gpac+1 · Gpac+1
Jshuang · Published 2018-12-19 · Updated 2023-05-27
CVE-2021-40592
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
GPAC versions prior to v1.0.1
Description
The issue is an infinite loop vulnerability in the ISOBMFF reader filter, specifically in the isoffin_read.c file. The isoffin_process() function can result in a Denial of Service (DoS) due to an infinite loop. To exploit this, the victim must open a specially crafted mp4 file.
Recommendations
For GPAC versions prior to v1.0.1, update to version v1.0.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the isoffin_process() function until a patch is available. Restrict access to specially crafted mp4 files to minimize the risk of exploitation.
Exploit
Fix
DoS
Infinite Loop
Affected Products
Alt Linux
Gpac