Vulnerabilities > CVE-2021-40570 - Double Free vulnerability in Gpac 1.0.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
Common Weakness Enumeration (CWE)
References
- https://github.com/gpac/gpac/commit/04dbf08bff4d61948bab80c3f9096ecc60c7f302
- https://github.com/gpac/gpac/commit/04dbf08bff4d61948bab80c3f9096ecc60c7f302
- https://github.com/gpac/gpac/issues/1899
- https://github.com/gpac/gpac/issues/1899
- https://www.debian.org/security/2023/dsa-5411
- https://www.debian.org/security/2023/dsa-5411