Vulnerability Details : CVE-2021-4043
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-4043
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*
CVE-2021-4043 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Motion Spell GPAC Null Pointer Dereference Vulnerability
CISA required action:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA description:
Motion Spell GPAC contains a null pointer dereference vulnerability that could allow a local attacker to cause a denial-of-service (DoS) condition.
Notes:
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/gpac/gpac/commit/64a2e1b799352ac7d7aad1989bc06e7b0f2b01db ; https://nvd.nist.gov/vuln/detail/CVE-2021-4043
Added on
2024-09-30
Action due date
2024-10-21
Exploit prediction scoring system (EPSS) score for CVE-2021-4043
0.91%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-4043
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
5.8
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L |
3.9
|
1.4
|
huntr.dev | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2021-4043
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by: security@huntr.dev (Primary)
References for CVE-2021-4043
-
https://www.debian.org/security/2023/dsa-5411
Debian -- Security Information -- DSA-5411-1 gpacMailing List;Third Party Advisory
-
https://github.com/gpac/gpac/commit/64a2e1b799352ac7d7aad1989bc06e7b0f2b01db
fixed #2092 · gpac/gpac@64a2e1b · GitHubPatch;Third Party Advisory
-
https://huntr.dev/bounties/d7a534cb-df7a-48ba-8ce3-46b1551a9c47
NULL Pointer Dereference vulnerability found in gpacExploit;Issue Tracking;Third Party Advisory
Jump to