Vulnerability Description
There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash.
CVSS Score
5.5
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gpac | Gpac | >= 0.9.0, <= 1.0.1 |
Related Weaknesses (CWE)
References
- https://github.com/gpac/gpac/blob/v0.9.0-preview/src/media_tools/av_parsers.c#L6Product
- https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788PatchThird Party Advisory
- https://github.com/gpac/gpac/issues/1721ExploitThird Party Advisory
- https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788PatchThird Party Advisory
- https://github.com/gpac/gpac/issues/1721ExploitThird Party Advisory
FAQ
What is CVE-2021-30014?
CVE-2021-30014 is a vulnerability with a CVSS score of 5.5 (MEDIUM). There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash.
How severe is CVE-2021-30014?
CVE-2021-30014 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-30014?
Check the references section above for vendor advisories and patch information. Affected products include: Gpac Gpac.