Published: 14/04/2021 Updated: 21/04/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows malicious users to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.

Vulnerable Product	Search on Vulmon	Subscribe to Product

Debian Bug report logs - #994746 ccextractor embeds unpatched and vulnerable source code from gpac Package: ccextractor; Maintainer for ccextractor is Freexian Packaging Team <team+freexian@trackerdebianorg>; Source for ccextractor is src:ccextractor (PTS, buildd, popcon) Reported by: Neil Williams <codehelp@debianorg& ...

Debian Bug report logs - #987020 gpac: CVE-2021-28300 Package: src:gpac; Maintainer for src:gpac is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 15 Apr 2021 18:45:01 UTC Severity: important Tags: security, upstream Found in versi ...

A NULL Pointer dereference in the "isomedia/trackc" module's "MergeTrack()" function of GPAC v052 allows attackers to execute arbitrary code or cause a denial of service (DoS) by uploading a malicious MP4 file ...

CWE-476 https://github.com/gpac/gpac/issues/1702 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994746 https://security.archlinux.org/CVE-2021-28300

CVE-2021-28300

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect