CVE-2020-19481 — Out-of-bounds Read in Gpac

CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 49.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gpac Debian Gpac

Timeline

PublishedJul 21

Latest updateMay 24

Description

An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDgpac/gpac< 0.8.0

▶debiandebian/gpac< gpac 1.0.1+dfsg1-2 (bullseye)

▶Debiangpac/gpac< 1.0.1+dfsg1-2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-p529-vwrw-98rc: An issue was discovered in GPAC before 0↗2022-05-24

▶

OSV

CVE-2020-19481: An issue was discovered in GPAC before 0↗2021-07-21

▶

📋Vendor Advisories

Debian

CVE-2020-19481: gpac - An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It cont...↗2020

▶

💬Community

Bugzilla

CVE-2019-19481 opensc: Improper handling of buffer limits for CAC certificates↗2019-12-12

▶