CVE-2020-35979

HIGH

Gpac - Out-of-Bounds Write

Title source: rule

Description

An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.

References (2)

[Patch, Third Party Advisory] https://github.com/gpac/gpac/commit/b15020f54aff24aaeb64b80771472be8e64a7adc

View Patch ZIP pw:eip

[Exploit, Third Party Advisory] https://github.com/gpac/gpac/issues/1662

Scores

CVSS v3 7.8

EPSS 0.0027

EPSS Percentile 50.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-787

Status published

Affected Products (2)

gpac/gpac

Timeline

Published Apr 21, 2021

Tracked Since Feb 18, 2026