Vulnerability Description
The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gpac | Gpac | >= 0.9.0, <= 1.0.1 |
Related Weaknesses (CWE)
References
- https://github.com/gpac/gpac/blob/v0.9.0-preview/src/filters/load_text.c#L232Product
- https://github.com/gpac/gpac/blob/v0.9.0-preview/src/filters/load_text.c#L304Product
- https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcbPatchThird Party Advisory
- https://github.com/gpac/gpac/issues/1897ExploitIssue TrackingThird Party Advisory
- https://www.debian.org/security/2023/dsa-5411Mailing ListThird Party Advisory
- https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcbPatchThird Party Advisory
- https://github.com/gpac/gpac/issues/1897ExploitIssue TrackingThird Party Advisory
- https://www.debian.org/security/2023/dsa-5411Mailing ListThird Party Advisory
FAQ
What is CVE-2021-40574?
CVE-2021-40574 is a vulnerability with a CVSS score of 7.8 (HIGH). The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even co...
How severe is CVE-2021-40574?
CVE-2021-40574 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-40574?
Check the references section above for vendor advisories and patch information. Affected products include: Gpac Gpac.