AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.
References
Link | Resource |
---|---|
https://github.com/gpac/gpac/issues/1179 | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html | Mailing List Third Party Advisory |
Configurations
History
28 Feb 2023, 19:39
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian
Debian debian Linux |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
Information
Published : 2019-09-16 13:15
Updated : 2023-12-10 12:59
NVD link : CVE-2018-21015
Mitre link : CVE-2018-21015
CVE.ORG link : CVE-2018-21015
JSON object : View
Products Affected
debian
- debian_linux
gpac
- gpac
CWE
CWE-476
NULL Pointer Dereference