Vulnerabilities > CVE-2022-29339 - Reachable Assertion vulnerability in Gpac

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

gpac

CWE-617

NVD

Published: 2022-05-05

Updated: 2022-05-13

Summary

In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.

Vulnerable Configurations

Part	Description	Count
Application	Gpac Gpac Gpac 0.5.2 Gpac Gpac 0.6.0 Gpac Gpac 0.6.1 Gpac Gpac 0.7.0 Gpac Gpac 0.7.1 Gpac Gpac 0.8.0 Gpac Gpac 0.9.0 Gpac Gpac 0.9.0-Development-20191109 Gpac Gpac 1.0 Gpac Gpac 1.0.1 Gpac Gpac 1.1.0	11

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

References

https://github.com/gpac/gpac/issues/2165
https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f