CVE-2023-50120

Name of the Vulnerable Software and Affected Versions MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master

Description The issue is related to an infinite loop in the av1 uvlc function at media tools/av parsers.c. This allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Recommendations For MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master, consider disabling the av1 uvlc function as a temporary workaround until a patch is available. Restrict access to crafted MP4 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.