Vulnerability Description
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gpac | Gpac | < 1.0.1 |
Related Weaknesses (CWE)
References
- https://github.com/gpac/gpac/commit/71460d72ec07df766dab0a4d52687529f3efcf0aPatchThird Party Advisory
- https://github.com/gpac/gpac/issues/1876ExploitIssue TrackingThird Party Advisory
- https://www.debian.org/security/2023/dsa-5411
- https://github.com/gpac/gpac/commit/71460d72ec07df766dab0a4d52687529f3efcf0aPatchThird Party Advisory
- https://github.com/gpac/gpac/issues/1876ExploitIssue TrackingThird Party Advisory
- https://www.debian.org/security/2023/dsa-5411
FAQ
What is CVE-2021-40592?
CVE-2021-40592 is a vulnerability with a CVSS score of 5.5 (MEDIUM). GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, iso...
How severe is CVE-2021-40592?
CVE-2021-40592 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-40592?
Check the references section above for vendor advisories and patch information. Affected products include: Gpac Gpac.