CVE-2019-20632 — Release of Invalid Pointer or Reference in Gpac

CWE-763 — Release of Invalid Pointer or Reference4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 44.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gpac Debian Gpac

Timeline

PublishedMar 24

Latest updateMay 24

Description

An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDgpac/gpac< 0.8.0

▶debiandebian/gpac< gpac 1.0.1+dfsg1-2 (bullseye)

▶Debiangpac/gpac< 1.0.1+dfsg1-2

🔴Vulnerability Details

GHSA

GHSA-6wmg-qg5v-2rch: An issue was discovered in libgpac↗2022-05-24

▶

OSV

CVE-2019-20632: An issue was discovered in libgpac↗2020-03-24

▶

📋Vendor Advisories

Debian

CVE-2019-20632: gpac - An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP...↗2019

▶