Your submission was sent successfully! Close

CVE-2021-40570

Published: 13 January 2022

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
gpac
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

trusty Needs triage

upstream Needs triage

xenial Ignored
(out of standard support)
Patches:
upstream: https://github.com/gpac/gpac/commit/04dbf08bff4d61948bab80c3f9096ecc60c7f302