CVE-2021-40574

Published: Jan 13, 2022

Modified: Mar 5, 2025

PUBLISHED

Description

The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/gpac/gpac/issues/1897

https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcb

DSA-5411

vendor-advisory

https://github.com/gpac/gpac/blob/v0.9.0-preview/src/filters/load_text.c#L232

https://github.com/gpac/gpac/blob/v0.9.0-preview/src/filters/load_text.c#L304

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-40574

Description

Affected Products

References