CVE-2019-20630 — Out-of-bounds Read in Gpac

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 44.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gpac Debian Gpac

Timeline

PublishedMar 24

Latest updateMay 24

Description

An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDgpac/gpac< 0.8.0

▶debiandebian/gpac< gpac 1.0.1+dfsg1-2 (bullseye)

▶Debiangpac/gpac< 1.0.1+dfsg1-2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-v4pj-7x97-8hjm: An issue was discovered in libgpac↗2022-05-24

▶

OSV

CVE-2019-20630: An issue was discovered in libgpac↗2020-03-24

▶

📋Vendor Advisories

Debian

CVE-2019-20630: gpac - An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP...↗2019

▶