Headline
CVE-2021-40944: Null pointer reference in GPAC at src/filter_core/filter_pid.c:5394 · Issue #1906 · gpac/gpac
In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS).
if you try:
gpac -i test.nhml:reframe=1:index=1.0 inspect:deep
you should see the content of your nhml file
Using either of the following
gpac -i test.nhml:reframe=1:index=1.0 -o /dev/null
gpac -i test.nhml nhmlr:reframe=1:gpac:index=1.0 -o /dev/null
simply forward fin (raw file) to /dev/null because no extension/format is provided on the output, hence the message. You can check this adding -graph to your command line.
If you use:
gpac -i test.nhml:reframe=1:index=1.0 -o /dev/null:ext=mp4
gpac -i test.nhml nhmlr:reframe=1:gpac:index=1.0 -o /dev/null:ext=mp4
then a mp4 muxer will be loaded.
Otherwise you will need to force fout to only use inputs from nhmlr using link directives (here, ‘@’):
gpac -i test.nhml nhmlr:reframe=1 @ -o /dev/null:ext=mp4
Related news
Gentoo Linux Security Advisory 202408-21 - Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 2.2.0 are affected.
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.