Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2020-35981
CVE-2020-35981:
NixOS vulnerability analysis and mitigation
Overview
An issue was discovered in GPAC versions 0.8.0 and 1.0.1, involving an invalid pointer dereference vulnerability in the SetupWriters() function located in the isomedia/isom_store.c file (MITRE CVE).
Technical details
The vulnerability exists in the SetupWriters() function within the isomedia/isom_store.c component. The issue manifests as a NULL pointer dereference, which can be triggered when processing certain media files. The vulnerability has been assigned a CVSS 3 Severity Score of 7.8 (High) (Ubuntu Security). The technical fix involved adding additional checks for NULL pointers in the media structure before accessing its members (GPAC Commit).
Impact
When exploited, this vulnerability can lead to a program crash due to the NULL pointer dereference, potentially causing a denial of service condition in applications using the GPAC library (GPAC Issue).
Mitigation and workarounds
The vulnerability has been fixed in a subsequent release of GPAC. The fix includes additional validation checks in the SetupWriters function to verify the existence of required structures before accessing them (GPAC Commit).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management