Related Vulnerabilities: CVE-2021-30019  

In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy.

Severity Medium

Remote Yes

Type Arbitrary code execution

Description

In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy.

AVG-1823 gpac 1:1.0.1-1 Medium Vulnerable

https://github.com/gpac/gpac/issues/1723
https://github.com/gpac/gpac/files/6219966/bug6.zip
https://github.com/gpac/gpac/commit/22774aa9e62f586319c8f107f5bae950fed900bc