CVE-2019-20631Release of Invalid Pointer or Reference in Gpac

CWE-763Release of Invalid Pointer or Reference4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 45.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GpacDebian Gpac
Timeline
PublishedMar 24
Latest updateMay 24

Description

An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDgpac/gpac< 0.8.0
debiandebian/gpac< gpac 1.0.1+dfsg1-2 (bullseye)
Debiangpac/gpac< 1.0.1+dfsg1-2

🔴Vulnerability Details

2
GHSA
GHSA-3h52-fhpg-8fqw: An issue was discovered in libgpac2022-05-24
OSV
CVE-2019-20631: An issue was discovered in libgpac2020-03-24

📋Vendor Advisories

1
Debian
CVE-2019-20631: gpac - An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP...2019
CVE-2019-20631 — Gpac vulnerability | cvebase