CVE-2021-30022

Опубликовано: 19 апр. 2021

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash.

Ссылки

https://github.com/gpac/gpac/blob/v0.5.2/src/media_tools/av_parsers.c#L2344
Product
https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
Patch
Third Party Advisory
https://github.com/gpac/gpac/issues/1720
Exploit
Third Party Advisory
https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
Patch
Third Party Advisory
https://github.com/gpac/gpac/issues/1720
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*

Версия от 0.5.2 (включая) до 1.0.1 (включая)

EPSS

Процентиль: 26%

0.0009

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2021-30022

CVSS3: 5.5

ubuntu

почти 5 лет назад

CVE-2021-30022

CVSS3: 5.5

debian

почти 5 лет назад

There is a integer overflow in media_tools/av_parsers.c in the gf_avc_ ...

GHSA-jqgc-m9mv-xqwm

github

больше 3 лет назад

There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash.

EPSS

Процентиль: 26%

0.0009

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-190