CVE-2021-40592

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-40592

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40592.json

Related

DSA-5411-1

Published

2022-06-08T18:15:08Z

Modified

2023-11-29T09:02:18.341409Z

Details

GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffinread.c. Function isoffinprocess() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.

References

https://www.debian.org/security/2023/dsa-5411
https://github.com/gpac/gpac/issues/1876
https://github.com/gpac/gpac/commit/71460d72ec07df766dab0a4d52687529f3efcf0a

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type: GIT
Repo: https://github.com/gpac/gpac
Events: Introduced

0The exact introduced commit is unknown

Fixed

71460d72ec07df766dab0a4d52687529f3efcf0a

Affected versions

v0.*

v0.5.2

v0.6.0

v0.6.1

v0.7.0

v0.7.1

v0.8.0

v0.9.0

v0.9.0-preview

v1.*

v1.0.0

v1.0.1