CVE-2021-30020

Опубликовано: 19 апр. 2021

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop.

Ссылки

https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
Patch
Third Party Advisory
https://github.com/gpac/gpac/issues/1722
Exploit
Third Party Advisory
https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
Patch
Third Party Advisory
https://github.com/gpac/gpac/issues/1722
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gpac:gpac:1.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00265

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2021-30020

CVSS3: 5.5

ubuntu

почти 5 лет назад

CVE-2021-30020

CVSS3: 5.5

debian

почти 5 лет назад

In the function gf_hevc_read_pps_bs_internal function in media_tools/a ...

GHSA-865c-9wv7-4j76

github

больше 3 лет назад

EPSS

Процентиль: 50%

0.00265

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-787