The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmxfinalize function in reframeav1.c, which allows attackers to cause a denial of service.
{ "urgency": "not yet assigned" }