CVE-2021-40944: Null pointer reference in GPAC at src/filter_core/filter_pid.c:5394 · Issue #1906 · gpac/gpac

In GPAC MP4Box 1.1.0, there is a null pointer reference in the gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DoS).

If you try:
gpac -i test.nhml:reframe=1:index=1.0 inspect:deep
you should see the content of your NHML file.

Using either of the following

gpac -i test.nhml:reframe=1:index=1.0 -o /dev/null
gpac -i test.nhml nhmlr:reframe=1:gpac:index=1.0 -o /dev/null

simply forwards fin (raw file) to /dev/null because no extension/format is provided on the output, hence the message. You can check this by adding -graph to your command line.

If you use:

gpac -i test.nhml:reframe=1:index=1.0 -o /dev/null:ext=mp4
gpac -i test.nhml nhmlr:reframe=1:gpac:index=1.0 -o /dev/null:ext=mp4

then an MP4 muxer will be loaded.

Otherwise you will need to force fout to only use inputs from nhmlr using link directives (here, ‘@’):

gpac -i test.nhml nhmlr:reframe=1 @ -o /dev/null:ext=mp4

Related news

Gentoo Linux Security Advisory 202408-21

Gentoo Linux Security Advisory 202408-21 - Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 2.2.0 are affected.

Debian Security Advisory 5411-1

Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.