CVE-2021-30199 — MEDIUM (5.5)

Vulnerability Description

In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gpac	Gpac	1.0.1

Related Weaknesses (CWE)

CWE-476

References

https://github.com/gpac/gpac/commit/b2db2f99b4c30f96e17b9a14537c776da6cb5dcaPatchThird Party Advisory
https://github.com/gpac/gpac/issues/1728ExploitThird Party Advisory
https://github.com/gpac/gpac/commit/b2db2f99b4c30f96e17b9a14537c776da6cb5dcaPatchThird Party Advisory
https://github.com/gpac/gpac/issues/1728ExploitThird Party Advisory

FAQ

What is CVE-2021-30199?

CVE-2021-30199 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash.

How severe is CVE-2021-30199?

CVE-2021-30199 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-30199?

Check the references section above for vendor advisories and patch information. Affected products include: Gpac Gpac.