CVE-2020-35979

7.8 HIGH

📋 TL;DR

This CVE describes a heap-based buffer overflow vulnerability in GPAC's RTP builder function for AVC video. Attackers can exploit this to execute arbitrary code or cause denial of service by sending specially crafted RTP packets. Users of GPAC versions 0.8.0 and 1.0.1 are affected.

💻 Affected Systems

Products:
  • GPAC (MP4Box, MP4Client, other GPAC tools)
Versions: 0.8.0 and 1.0.1
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using GPAC to process RTP streams with AVC/H.264 video is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠 Likely Case: Application crash causing denial of service, potentially disrupting media processing services.

🟢 If Mitigated: Limited impact with proper network segmentation and exploit prevention controls in place.

🌐 Internet-Facing: HIGH - GPAC is often used in media servers that process external streams.
🏢 Internal Only: MEDIUM - Internal media processing systems could be targeted via lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending malformed RTP packets to the vulnerable function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit b15020f54aff24aaeb64b80771472be8e64a7adc and later versions

Vendor Advisory: https://github.com/gpac/gpac/commit/b15020f54aff24aaeb64b80771472be8e64a7adc

Restart Required: Yes

Instructions:

1. Update GPAC to a version that includes commit b15020f.
2. Recompile from source if you use a custom build.
3. Restart all GPAC services.

🔧 Temporary Workarounds

Network Filtering (Linux)

Block or filter RTP traffic to GPAC services from untrusted sources. The rule below drops all inbound UDP on the example RTP ports; if legitimate senders exist, scope it with -s (or ! -s for a trusted range) instead of dropping everything, and adjust the port range to what your GPAC service actually listens on.

iptables -A INPUT -p udp --dport 5004:5005 -j DROP   # Example RTP ports

Service Isolation (Linux)

Run GPAC services in isolated containers or VMs with limited privileges.

docker run --cap-drop=ALL --security-opt=no-new-privileges gpac-container

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate GPAC services from untrusted networks.
  • Deploy exploit prevention controls like ASLR and DEP, and run GPAC with minimal privileges.

🔍 How to Verify

Check if Vulnerable:

Check the GPAC version with mp4box -version or gpac -version (GPAC installs the binary as MP4Box, so use that spelling on case-sensitive systems). If the output shows 0.8.0 or 1.0.1, the system is vulnerable.

Check Version:

mp4box -version 2>&1 | head -1

Verify Fix Applied:

Verify that the reported version is newer than the vulnerable versions, then test with sample RTP streams to confirm the service still processes AVC video correctly.
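As an added example (not from this advisory or the GPAC project), the following POSIX shell script turns the version check above into a testable function: it extracts the dotted version from a -version banner and compares it against the versions this page lists as affected. The banner format, the sample banners and the function names (extract_gpac_version, gpac_is_vulnerable, check_installed_gpac) are my assumptions; real MP4Box output is only consulted when the script is run with --live.

```shell
#!/bin/sh
# Added example (not GPAC code): check a GPAC version banner against the
# versions this advisory lists as affected. Sample banners below are constructed.

# Versions the advisory lists as affected (exact match; no range logic).
AFFECTED_VERSIONS="0.8.0 1.0.1"

# Constructed sample banners, roughly in the shape of "MP4Box -version" output
# (assumed format, not captured from a real install).
SAMPLE_VULNERABLE="MP4Box - GPAC version 1.0.1-rev0-gabcdef0-master"
SAMPLE_FIXED="MP4Box - GPAC version 2.0.0-rev0-gabcdef0-master"
SAMPLE_GARBAGE="mp4box: command not found"

# extract_gpac_version BANNER: print the first x.y.z token in BANNER, or nothing.
extract_gpac_version() {
    printf '%s\n' "$1" | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | head -n 1
}

# gpac_is_vulnerable BANNER: exit 0 if the version is in AFFECTED_VERSIONS,
# 1 if it is not, 2 if no version could be parsed (treat 2 as "inspect manually").
gpac_is_vulnerable() {
    ver=$(extract_gpac_version "$1")
    [ -n "$ver" ] || return 2
    for v in $AFFECTED_VERSIONS; do
        if [ "$ver" = "$v" ]; then
            return 0
        fi
    done
    return 1
}

# check_installed_gpac: locate the installed binary (GPAC installs it as MP4Box;
# lower-case mp4box is tried too in case a wrapper exists) and classify its banner.
check_installed_gpac() {
    for bin in MP4Box mp4box; do
        if command -v "$bin" >/dev/null 2>&1; then
            banner=$("$bin" -version 2>&1 | head -n 1)
            rc=0
            gpac_is_vulnerable "$banner" || rc=$?
            case $rc in
                0) echo "VULNERABLE (listed version): $banner"; return 0 ;;
                1) echo "not a listed version: $banner"; return 1 ;;
                *) echo "could not parse a version from: $banner"; return 2 ;;
            esac
        fi
    done
    echo "no MP4Box binary found in PATH"
    return 2
}

# Run the live check only when executed with --live, so that sourcing this file
# (for example from a test) has no side effects.
if [ "${1:-}" = "--live" ]; then
    check_installed_gpac
fi
```

Run it as `sh check_gpac.sh --live` on a host; exit status 0 means a listed vulnerable version was found, 1 means the version is not on the list, and 2 means the version could not be determined and should be checked by hand. The match is deliberately exact against the two listed versions rather than a range, because the page names only those versions.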

📡 Detection & Monitoring

Log Indicators:

  • GPAC crash logs
  • segmentation fault errors in system logs
  • unexpected process termination

Network Indicators:

  • Unusual RTP traffic patterns to GPAC services
  • malformed RTP packet detection

SIEM Query:

source="*gpac*" AND ("segmentation fault" OR "buffer overflow" OR "SIGSEGV")
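As an added example (not part of this advisory), the following POSIX shell filter applies the log indicators above to syslog- or journal-style lines: it keeps only lines that name a GPAC process (gpac, MP4Box, MP4Client) and then matches the crash keywords from the SIEM query plus the kernel's "segfault" and systemd's "status=11/SEGV" phrasings. The sample log lines are constructed, and gpac_crash_lines, count_gpac_crash_indicators and scan_log_file are names I chose.

```shell
#!/bin/sh
# Added example (not from the advisory): flag GPAC crash indicators in syslog-style
# lines. All sample log lines below are constructed, not real captures.

# Constructed sample lines: two GPAC crash indicators, one unrelated service line,
# and one normal GPAC line that must not be flagged.
SAMPLE_LOGS='Jan 10 10:00:01 media1 kernel: MP4Box[2314]: segfault at 0 ip 00007f1a2b3c4d5e sp 00007ffd1e2f3a40 error 4 in libgpac.so
Jan 10 10:00:02 media1 systemd[1]: gpac-rtp.service: Main process exited, code=killed, status=11/SEGV
Jan 10 10:00:03 media1 sshd[100]: Accepted publickey for ops from 10.0.0.5
Jan 10 10:00:04 media1 gpac[2400]: [RTP] session opened on udp/5004'

# Process names that identify GPAC components in log lines.
GPAC_PROCESS_RE='gpac|mp4box|mp4client'
# Crash phrasings: the advisory's SIEM keywords plus the kernel and systemd forms.
CRASH_RE='segmentation fault|segfault|SIGSEGV|status=11/SEGV|buffer overflow'

# gpac_crash_lines LOGTEXT: print only the lines that name a GPAC process AND
# contain a crash indicator. Case-insensitive on both sides; never fails.
gpac_crash_lines() {
    printf '%s\n' "$1" | grep -i -E "$GPAC_PROCESS_RE" | grep -i -E "$CRASH_RE" || true
}

# count_gpac_crash_indicators LOGTEXT: print the number of matching lines (0 when none).
count_gpac_crash_indicators() {
    gpac_crash_lines "$1" | grep -c . || true
}

# scan_log_file FILE: apply the same filter to a real log file (e.g. /var/log/syslog)
# and exit 0 if at least one indicator line was found, 1 otherwise.
scan_log_file() {
    n=$(count_gpac_crash_indicators "$(cat "$1")")
    echo "$n GPAC crash indicator line(s) in $1"
    [ "$n" -gt 0 ]
}
```

Requiring both a GPAC process name and a crash keyword on the same line keeps the filter from firing on unrelated SIGSEGV events from other services, which is the same scoping the SIEM query above does with source="*gpac*". A single crash line is a lead, not a verdict; correlate it with the RTP traffic indicators listed above before treating it as exploitation.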

🔗 References
