Double Free
CVE-2021-40574
Summary
The binary MP4Box in Gpac prior to 2.0.0 has a double-free vulnerability in the "gf_text_get_utf8_line" function in "load_text.c", which allows attackers to cause a denial of service, even code execution and escalation of privileges.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- HIGH
CWE-415 - Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Advisory Timeline
- Published
