Integer Overflow in gf_avc_read_pps_bs_internal in GPAC 1.0.1

Integer Overflow in gf_avc_read_pps_bs_internal in GPAC 1.0.1

CVE-2021-30022 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash.

Learn more about our Internal Network Penetration Testing.