CVE-2021-29279 Information
Jun 07, 2022
cve
Description
There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which the arg const GF_PropertyValue valuemaybe value->value.data.size is a negative number. In result memcpy in gf_props_assign_value failed.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
https://github.com/gpac/gpac/issues/1718 https://github.com/gpac/gpac/commit/da69ad1f970a7e17c865eaec9af98cc84df10d5b
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8
Share on: