CVE-2021-30015 — MEDIUM (5.5)

Vulnerability Description

There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gpac	Gpac	1.0.1

Related Weaknesses (CWE)

CWE-476

References

https://github.com/gpac/gpac/commit/13dad7d5ef74ca2e6fe4010f5b03eb12e9bbe0ecPatchThird Party Advisory
https://github.com/gpac/gpac/issues/1719ExploitThird Party Advisory
https://github.com/gpac/gpac/commit/13dad7d5ef74ca2e6fe4010f5b03eb12e9bbe0ecPatchThird Party Advisory
https://github.com/gpac/gpac/issues/1719ExploitThird Party Advisory

FAQ

What is CVE-2021-30015?

CVE-2021-30015 is a vulnerability with a CVSS score of 5.5 (MEDIUM). There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL....

How severe is CVE-2021-30015?

CVE-2021-30015 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-30015?

Check the references section above for vendor advisories and patch information. Affected products include: Gpac Gpac.