USN-3926-1: GPAC vulnerabilities

29 March 2019

GPAC could be made to crash or run programs as your login if it opened a specially crafted file.

Releases

Packages

  • gpac - GPAC Project on Advanced Content

Details

It was discovered that the GPAC MP4Box utility incorrectly handled certain
memory operations. If an user or automated system were tricked into opening a
specially crafted MP4 file, a remote attacker could use this issue to cause
MP4Box to crash, resulting in a denial of service, or possibly execute
arbitrary code.