Headline
CVE-2021-40563: fixed #1892 · gpac/gpac@5ce0c90
A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service.
@@ -1680,8 +1680,10 @@ static void naludmx_queue_param_set(GF_NALUDmxCtx *ctx, char *data, u32 size, u3
{
GF_List *list = NULL, *alt_list = NULL;
GF_NALUFFParam *sl;
u32 i, count;
u32 crc = gf_crc_32(data, size);
u32 i, count, crc;
if (!size) return;
crc = gf_crc_32(data, size);
if (ctx->codecid==GF_CODECID_HEVC) {
switch (ps_type) {