Vulnerabilities > CVE-2021-40574 - Double Free vulnerability in Gpac 1.0.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
Common Weakness Enumeration (CWE)
References
- https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcb
- https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcb
- https://github.com/gpac/gpac/issues/1897
- https://github.com/gpac/gpac/issues/1897
- https://www.debian.org/security/2023/dsa-5411
- https://www.debian.org/security/2023/dsa-5411