Headline
CVE-2021-40567: fixed #1885 · gpac/gpac@f5a038e
Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service.
@@ -1241,7 +1241,7 @@ GF_Err gf_hinter_finalize(GF_ISOFile *file, GF_SDP_IODProfile IOD_Profile, u32 b
if (gf_isom_get_sample_count(file, sceneT)==1) {
samp = gf_isom_get_sample(file, sceneT, 1, &descIndex);
if (samp && gf_hinter_can_embbed_data(samp->data, samp->dataLength, GF_STREAM_SCENE)) {
InitSL_NULL(&slc);
slc.timeScale = slc.timestampResolution = gf_isom_get_media_timescale(file, sceneT);
slc.OCRResolution = 1000;
slc.startCTS = samp->DTS+samp->CTS_Offset;