Vulnerability Description
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gpac | Gpac | < 0.8.0 |
Related Weaknesses (CWE)
References
- https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090PatchThird Party Advisory
- https://github.com/gpac/gpac/commit/98b727637e32d1d4824101d8947e2dbd573d4fc8PatchThird Party Advisory
- https://github.com/gpac/gpac/issues/1269ExploitThird Party Advisory
- https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090PatchThird Party Advisory
- https://github.com/gpac/gpac/commit/98b727637e32d1d4824101d8947e2dbd573d4fc8PatchThird Party Advisory
- https://github.com/gpac/gpac/issues/1269ExploitThird Party Advisory
FAQ
What is CVE-2019-20628?
CVE-2019-20628 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial ...
How severe is CVE-2019-20628?
CVE-2019-20628 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-20628?
Check the references section above for vendor advisories and patch information. Affected products include: Gpac Gpac.