CVE-2021-40592

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-40592

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40592.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-40592

Related

Published

2022-06-08T18:15:08Z

Modified

2024-09-18T03:16:38.423931Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffinread.c. Function isoffinprocess() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.

References

Affected packages

Debian:11 / gpac

Package

Name: gpac
Purl: pkg:deb/debian/gpac?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.1+dfsg1-4+deb11u2

Affected versions

1.*

1.0.1+dfsg1-4

1.0.1+dfsg1-4+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gpac/gpac

Affected ranges

Type: GIT
Repo: https://github.com/gpac/gpac
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

71460d72ec07df766dab0a4d52687529f3efcf0a

Affected versions

v0.*

v0.5.2

v0.6.0

v0.6.1

v0.7.0

v0.7.1

v0.8.0

v0.9.0

v0.9.0-preview

v1.*

v1.0.0

v1.0.1