CVE-2021-30022 - log

CVE-2021-30022 edited at 19 Apr 2021 21:12:02
Description
- There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 units, so there is an overflow, which results a crash.
+ There is an integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 units, so there is an overflow, which results a crash.
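Review bot: the revised Description still ends with "which results a crash", which should read "which results in a crash"; this edit only corrects "a integer" to "an integer". The clause "pps_id may be a negative number, so it will not return" also does not say what fails to return. Consider stating that a negative pps_id is not rejected before it is used to index avc->pps, since an out-of-range index is what the text describes.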
CVE-2021-30022 edited at 19 Apr 2021 21:09:12
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 units, so there is an overflow, which results a crash.
References
+ https://github.com/gpac/gpac/issues/1720
+ https://github.com/gpac/gpac/files/6219500/bug3.zip
+ https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
CVE-2021-30022 created at 19 Apr 2021 21:04:00
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes