CVE-2020-25427 - A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-mast

CVE-2020-25427

Summary

A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.

References

https://github.com/gpac/gpac/commit/8e585e623b1d666b4ef736ed609264639cb27701
https://github.com/gpac/gpac/issues/1406

Vulnerable Configurations

cpe:2.3:a:gpac:gpac:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:gpac:gpac:0.8.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-01-2022 - 20:55)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

Last major update

18-01-2022 - 20:55

Published

10-01-2022 - 22:15

Last modified

18-01-2022 - 20:55