Your submission was sent successfully! Close

CVE-2021-40573

Published: 13 January 2022

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
gpac
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

trusty Needs triage

upstream Needs triage

xenial Ignored
(out of standard support)
Patches:
upstream: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a