Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-40559
CVE-2021-40559:
NixOS vulnerability analysis and mitigation
Overview
A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmxparsenalavc function in reframenalu, which allows a denial of service (NIST NVD, Debian Advisory). The vulnerability was discovered in August 2021 and affects the MP4Box component of GPAC.
Technical details
The vulnerability exists in the naludmxparsenalavc function within reframenalu.c at line 2474. When processing certain malformed input files, the function attempts to dereference a null pointer, which leads to a segmentation fault. The vulnerability has a CVSS v3.1 Base Score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) (NIST NVD).
Impact
The vulnerability allows an attacker to cause a denial of service condition by triggering a segmentation fault through a null pointer dereference. This can result in the application crashing when processing specially crafted input files (NIST NVD).
Mitigation and workarounds
The vulnerability has been fixed in Debian's gpac package version 1.0.1+dfsg1-4+deb11u2 for the stable distribution (bullseye). Users are recommended to upgrade their gpac packages to the patched version (Debian Advisory).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management