Lucene search

[email protected]CVE-2021-31256

HistoryApr 19, 2021 - 7:15 p.m.

CVE-2021-31256

2021-04-1919:15:18

CWE-401

[email protected]

web.nvd.nist.gov

cve-2021-31256

memory leak

mp4box

gpac

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

34.8%

JSON

Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

Affected configurations

NVD

Node

gpacgpacMatch1.0.1

CPENameOperatorVersion
gpac:gpacgpaceq1.0.1

CPE	Name	Operator	Version
gpac:gpac	gpac	eq	1.0.1

References

github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e

github.com/gpac/gpac/issues/1705

Social References

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

34.8%

JSON

Related for CVE-2021-31256

veracode1 ubuntucve1 cvelist1 nvd1 prion1 osv1 debiancve1