CVE-2021-31260

Опубликовано: 19 апр. 2021

Источник: debian

Описание

The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gpac	fixed	1.0.1+dfsg1-4		package
gpac	no-dsa		buster	package
gpac	no-dsa		stretch	package
ccextractor	fixed	0.93+ds2-1		package
ccextractor	no-dsa		bullseye	package
ccextractor	no-dsa		buster	package

Примечания

https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9
https://github.com/gpac/gpac/issues/1736

Связанные уязвимости

CVE-2021-31260

CVSS3: 5.5

ubuntu

почти 5 лет назад

The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-31260

CVSS3: 5.5

nvd

почти 5 лет назад

The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

GHSA-m6cw-m47w-wq2g

github

больше 3 лет назад

The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.