A flaw has been found in GPAC 26.02.0. This affects the function nhmldumpsendframe of the file src/filters/write_nhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be used. This patch is called bd1d94e70e3bef364c07c5a1d94eca5c9f56e160. A patch should be applied to remediate this issue. The project explains: "I would consider most of these more as bugs than vulns but anyway they're good to fix".
{
"binaries": [
{
"binary_name": "gpac",
"binary_version": "0.5.0+svn4288~dfsg1-4ubuntu1+esm2"
},
{
"binary_name": "gpac-modules-base",
"binary_version": "0.5.0+svn4288~dfsg1-4ubuntu1+esm2"
},
{
"binary_name": "libgpac2",
"binary_version": "0.5.0+svn4288~dfsg1-4ubuntu1+esm2"
}
]
}{
"binaries": [
{
"binary_name": "gpac",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2"
},
{
"binary_name": "gpac-modules-base",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2"
},
{
"binary_name": "libgpac4",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2"
}
]
}{
"binaries": [
{
"binary_name": "gpac",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1"
},
{
"binary_name": "gpac-modules-base",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1"
},
{
"binary_name": "libgpac4",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1"
}
]
}{
"binaries": [
{
"binary_name": "gpac",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2"
},
{
"binary_name": "gpac-modules-base",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2"
},
{
"binary_name": "libgpac4",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2"
}
]
}