CVE-2020-24829

MEDIUM

GPAC 0.5.2-0.8.0 - Heap-Based Buffer Overflow in MP4Box via Crafted MP4 File

Title source: llm

Description

An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file.

References (3)

Core 3

Core References

Product

https://github.com/gpac/gpac/blob/v0.5.2/src/media_tools/mpegts.c#L2204

Patch

https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2

View Patch ZIP pw:eip

Exploit, Issue Tracking, Third Party Advisory

https://github.com/gpac/gpac/issues/1422

Scores

CVSS v3 5.5

EPSS 0.0096

EPSS Percentile 56.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-787

Status published

Products (1)

gpac/gpac 0.5.2 - 0.8.0

Published Aug 04, 2021

Tracked Since Feb 18, 2026