---

CVE-2021-28300 - log back

CVE-2021-28300 edited at 19 Apr 2021 21:11:03

Description

- A NULL Pointer dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a denial of service (DoS) by uploading a malicious MP4 file. + A null pointer dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a denial of service (DoS) by uploading a malicious MP4 file.

CVE-2021-28300 edited at 14 Apr 2021 14:59:36
References	https://github.com/gpac/gpac/issues/1702 + https://github.com/gpac/gpac/files/6119931/poc.mp4.zip https://github.com/gpac/gpac/commit/c4a5109dad73abe25ad12d8d529a728ae98d78ca

CVE-2021-28300 edited at 14 Apr 2021 14:57:59
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary code execution
Description	+ A NULL Pointer dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a denial of service (DoS) by uploading a malicious MP4 file.
References	+ https://github.com/gpac/gpac/issues/1702 + https://github.com/gpac/gpac/commit/c4a5109dad73abe25ad12d8d529a728ae98d78ca
Notes

CVE-2021-28300 created at 14 Apr 2021 14:56:53