GPAC 1.0.1 gf_isom_dovi_config_get heap-based overflow

A vulnerability was found in GPAC 1.0.1. It has been rated as critical. This issue affects the function gf_isom_dovi_config_get. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.

| Field | 01/13/2022 06:47 AM | 01/15/2022 12:47 PM |
|---|---|---|
| name | GPAC | GPAC |
| version | 1.0.1 | 1.0.1 |
| function | gf_isom_dovi_config_get | gf_isom_dovi_config_get |
| cwe | 122 (memory corruption) | 122 (memory corruption) |
| risk | 2 | 2 |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rc | C | C |
| identifier | 1846 | 1846 |
| url | https://github.com/gpac/gpac/issues/1846 | https://github.com/gpac/gpac/issues/1846 |
| cve | CVE-2021-36417 | CVE-2021-36417 |
| cve_assigned | 1626040800 | 1626040800 |
| date | 1642028400 (01/13/2022) | 1642028400 (01/13/2022) |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss2_vuldb_basescore | 5.2 | 5.2 |
| cvss2_vuldb_tempscore | 5.2 | 5.2 |
| cvss3_vuldb_basescore | 5.5 | 5.5 |
| cvss3_vuldb_tempscore | 5.5 | 5.5 |
| cvss3_meta_basescore | 5.5 | 5.5 |
| cvss3_meta_tempscore | 5.5 | 5.5 |
| price_0day | $0-$5k | $0-$5k |

cve_nvd_summary: A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file.
