{"id":"CVE-2020-19481","details":"An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.","modified":"2026-04-11T20:34:36.499488Z","published":"2021-07-21T18:15:08.920Z","references":[{"type":"FIX","url":"https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7"},{"type":"EVIDENCE","url":"https://github.com/gpac/gpac/issues/1265"},{"type":"EVIDENCE","url":"https://github.com/gpac/gpac/issues/1266"},{"type":"EVIDENCE","url":"https://github.com/gpac/gpac/issues/1267"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"0"},{"fixed":"6b4ab401297be43b57f9eddd675971a8a5feab44"},{"fixed":"2320eb73afba753b39b7147be91f7be7afc0eeb7"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"0.8.0"}],"cpe":"cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"]}}],"versions":["v0.5.2","v0.6.0","v0.7.0","v0.7.1"],"database_specific":{"vanir_signatures_modified":"2026-04-11T20:34:36Z","vanir_signatures":[{"digest":{"length":13192,"function_hash":"8996523589059156721546357323422475456"},"signature_type":"Function","deprecated":false,"target":{"function":"gf_m2ts_process_pmt","file":"src/media_tools/mpegts.c"},"signature_version":"v1","id":"CVE-2020-19481-7609cc08","source":"https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7"},{"digest":{"line_hashes":["133379085859360269598344503404399662947","106168692294858675055697343916435874473","72569192081990355060075537311296933808","8026147587734142939870120938638327475","15477906275004562280115298485190774329","180672557205391803553237026379219372584","212092903353123825586208908458840867502","92227009122515285962472930496317498948","279311603526829036877731192554838652864","190706729340961245068774956581523567037"],"threshold":0.9},"signature_type":"Line","deprecated":false,"target":{"file":"src/media_tools/mpegts.c"},"signature_version":"v1","id":"CVE-2020-19481-8719012f","source":"https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-19481.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}