CVE-2020-35979 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Arbitrary code execution
Description	An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1823	gpac	1:1.0.1-1		Medium	Vulnerable

References
https://github.com/gpac/gpac/issues/1662 https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-c4f8bc6e_poc/gp_rtp_builder_do_avc-hepo https://github.com/gpac/gpac/commit/b15020f54aff24aaeb64b80771472be8e64a7adc

References

https://github.com/gpac/gpac/issues/1662
https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-c4f8bc6e_poc/gp_rtp_builder_do_avc-hepo
https://github.com/gpac/gpac/commit/b15020f54aff24aaeb64b80771472be8e64a7adc