CVE-2021-45764 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Gpac

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 76.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJan 14

Latest updateJan 15

Description

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra().

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

▶debiandebian/gpac< gpac 1.0.1+dfsg1-4+deb11u2 (bullseye)

▶Debiangpac/gpac< 1.0.1+dfsg1-4+deb11u2

▶NVDgpac/gpac1.1.0

GHSA

GHSA-mh95-x4g6-p3xr: GPAC v1↗2022-01-15

▶

OSV

CVE-2021-45764: GPAC v1↗2022-01-14

▶

Debian

CVE-2021-45764: gpac - GPAC v1.1.0 was discovered to contain an invalid memory address dereference via ...↗2021

▶