Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-45288
CVE-2021-45288:
NixOS vulnerability analysis and mitigation
Overview
A Double Free vulnerability was discovered in GPAC version 1.0.1, specifically in the filedump.c file. The vulnerability was assigned CVE-2021-45288 and was reported on December 10, 2021. The issue affects the MP4Box command functionality within GPAC (NVD, MITRE).
Technical details
The vulnerability exists in filedump.c at line 199 and manifests as a double free condition in the tcache memory management system. The issue occurs during the processing of MP4 files when using the MP4Box command, specifically during the MPEG-4 BIFS Scene Parsing operation. The vulnerability can be triggered when handling malformed input files (GitHub Issue).
Impact
When exploited, this vulnerability can lead to a Denial of Service (DoS) condition through the application crash caused by the double free memory corruption (NVD).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management