An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file.
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gpac | Gpac | * | 0.8.0 (excluding) |
Gpac | Ubuntu | bionic | * |
Gpac | Ubuntu | eoan | * |
Gpac | Ubuntu | groovy | * |
Gpac | Ubuntu | trusty | * |
Gpac | Ubuntu | trusty/esm | * |
Gpac | Ubuntu | xenial | * |
This weakness can take several forms, such as: