Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2019-20632
CVE-2019-20632:
NixOS vulnerability analysis and mitigation
Overview
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. The vulnerability was assigned CVE-2019-20632 and was publicly disclosed on March 24, 2020. The vulnerability affects the GPAC multimedia framework, specifically versions prior to 0.8.0 (NVD, MITRE).
Technical details
The vulnerability involves an invalid pointer dereference in the gf_odf_delete_descriptor function located in odf/desc_private.c. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. Under CVSS v2.0, it received a base score of 4.3 (Medium) with the vector (AV:N/AC:M/Au:N/C:N/I:N/A:P) (NVD).
Impact
When exploited, this vulnerability can cause a denial of service condition via a crafted MP4 file. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity (NVD).
Mitigation and workarounds
The vulnerability has been fixed in GPAC version 0.8.0 and later releases. Users are advised to upgrade to version 0.8.0 or newer to mitigate this vulnerability (NVD).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management