CVE-2021-40592

Published: Jun 8, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.

Affected (1)

Products: Gpac: Gpac

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gpac Gpac	Before 1.0.1

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (6)

https://github.com/gpac/gpac/commit/71460d72ec07df766dab0a4d52687529f3efcf0a

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/gpac/gpac/issues/1876

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://www.debian.org/security/2023/dsa-5411

Source: cve@mitre.org

https://github.com/gpac/gpac/commit/71460d72ec07df766dab0a4d52687529f3efcf0a

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/gpac/gpac/issues/1876

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://www.debian.org/security/2023/dsa-5411

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.