{"id":"CVE-2020-19481","details":"An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.","modified":"2026-04-11T12:40:13.472002Z","published":"2021-07-21T18:15:08.920Z","references":[{"type":"FIX","url":"https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7"},{"type":"EVIDENCE","url":"https://github.com/gpac/gpac/issues/1265"},{"type":"EVIDENCE","url":"https://github.com/gpac/gpac/issues/1266"},{"type":"EVIDENCE","url":"https://github.com/gpac/gpac/issues/1267"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"6b4ab401297be43b57f9eddd675971a8a5feab44"},{"fixed":"2320eb73afba753b39b7147be91f7be7afc0eeb7"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.8.0"}]}}],"versions":["v0.5.2","v0.6.0","v0.7.0","v0.7.1"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","source":"https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7","signature_version":"v1","target":{"function":"gf_m2ts_process_pmt","file":"src/media_tools/mpegts.c"},"deprecated":false,"id":"CVE-2020-19481-7609cc08","digest":{"function_hash":"8996523589059156721546357323422475456","length":13192}},{"signature_type":"Line","source":"https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7","signature_version":"v1","target":{"file":"src/media_tools/mpegts.c"},"deprecated":false,"id":"CVE-2020-19481-8719012f","digest":{"threshold":0.9,"line_hashes":["133379085859360269598344503404399662947","106168692294858675055697343916435874473","72569192081990355060075537311296933808","8026147587734142939870120938638327475","15477906275004562280115298485190774329","180672557205391803553237026379219372584","212092903353123825586208908458840867502","92227009122515285962472930496317498948","279311603526829036877731192554838652864","190706729340961245068774956581523567037"]}}],"vanir_signatures_modified":"2026-04-11T12:40:13Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-19481.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}