Description
There is an integer overflow in the hevc_parse_slice_segment function in media_tools/av_parsers.c in GPAC from v0.9.0-preview to 1.0.1, which results in a crash.
References
https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
Patch, Third Party Advisory
https://github.com/gpac/gpac/issues/1721
Exploit, Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 · Medium
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-04-19T20:15:14.363
4 years ago
Last modified
2025-03-07T20:25:44.943
4 months ago