| Summary: | <media-video/gpac-2.0.0: Multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | media-video |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 836960 | | |
| Bug Blocks: | | | |
Description
Sam James
2021-04-25 17:08:16 UTC
CVE-2021-36584: An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_builder_do_tx3g function in ietf/rtp_pck_3gpp.c, as demonstrated by MP4Box. This can cause a denial of service (DOS). Issue/patch: https://github.com/gpac/gpac/issues/1842

CVE-2021-32437: The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-32438: The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-32439: Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-32440: The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Some Cisco Talos vulnerabilities (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298):

CVE-2021-21859: An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability.

CVE-2021-21860: An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1.
A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability.

CVE-2021-21861: An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

Patches fixing CVE-2021-218{34..62}:
https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450bq

CVE-2021-32138 (https://github.com/gpac/gpac/commit/289ffce3e0d224d314f5f92a744d5fe35999f20b): The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-32139 (https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e): The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-33361 (https://github.com/gpac/gpac/commit/a51f951b878c2b73c1d8e2f1518c7cdc5fb82c3f): Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

CVE-2021-33363 (https://github.com/gpac/gpac/commit/ec64c7b8966d7e4642d12debb888be5acf18efb9): Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

CVE-2021-33365 (https://github.com/gpac/gpac/commit/984787de3d414a5f7d43d0b4584d9469dff2a5a5): Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

CVE-2021-33366 (https://github.com/gpac/gpac/commit/0a85029d694f992f3631e2f249e4999daee15cbf): Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

CVE-2021-33364 (https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7): Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

CVE-2021-33362 (https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d): Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-32132 (https://github.com/gpac/gpac/commit/e74be5976a6fee059c638050a237893f7e9a3b23): The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-32135 (https://github.com/gpac/gpac/commit/b8f8b202d4fc23eb0ab4ce71ae96536ca6f5d3f8): The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-32137 (https://github.com/gpac/gpac/commit/328def7d3b93847d64ecb6e9e0399684e57c3eca): Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-32134 (https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01): The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-32136 (https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed): Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

All patched upstream, no release.

CVE-2021-41456: There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability. Unreleased patch: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e

CVE-2021-41457: There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability. Unreleased patch: https://github.com/gpac/gpac/commit/ae2828284f2fc0381548aaa991958f1eb9b90619

CVE-2021-41459: There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability. Unreleased patch: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339

CVE-2020-22673 (https://github.com/gpac/gpac/issues/1342): Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.

CVE-2020-22674 (https://github.com/gpac/gpac/issues/1346): An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input.

CVE-2020-22675 (https://github.com/gpac/gpac/issues/1344): An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

CVE-2020-22677 (https://github.com/gpac/gpac/issues/1341): An issue was discovered in gpac 0.8.0.
The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

CVE-2020-22678 (https://github.com/gpac/gpac/issues/1339): An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

CVE-2020-22679 (https://github.com/gpac/gpac/issues/1345): Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.

All fixed in 0.8.1.

CVE-2021-45260 (https://github.com/gpac/gpac/issues/1979): A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash.

CVE-2021-45262 (https://github.com/gpac/gpac/issues/1980): An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash. Patch: https://github.com/gpac/gpac/commit/ef86a8eba3b166b885dec219066dd3a47501e03a

CVE-2021-45263 (https://github.com/gpac/gpac/issues/1975): An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash. Patch: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9

CVE-2021-45266 (https://github.com/gpac/gpac/issues/1985): A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash. Patch: https://github.com/gpac/gpac/commit/76b9e3f578a056fee07a4b317f5b36a83d01810e

CVE-2021-45267 (https://github.com/gpac/gpac/issues/1965): An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash.
Patch: https://github.com/gpac/gpac/commit/29f31f431b18278b94c659452562e8a027436487

CVE-2021-45258 (https://github.com/gpac/gpac/issues/1970): A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash. Patch: https://github.com/gpac/gpac/commit/47a26a32c9a2cd630c48517c3e6ab2fa5f6a26ad

CVE-2021-45259 (https://github.com/gpac/gpac/issues/1986): An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gf_svg_node_del function, which causes a segmentation fault and application crash. Patches: https://github.com/gpac/gpac/commit/9628ba6bf3ead727dbdef4aa1e9b3a2ebc36ec58, https://github.com/gpac/gpac/commit/654c796482c2609aa736315f9273d6c5912e0a29

CVE-2021-44918 (https://github.com/gpac/gpac/issues/1968): A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash. Patch: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a

CVE-2021-44919 (https://github.com/gpac/gpac/issues/1963): A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function, which causes a segmentation fault and application crash. Patch: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229

CVE-2021-44920 (https://github.com/gpac/gpac/issues/1957): An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash. Patch: https://github.com/gpac/gpac/commit/339fe399e7c8eab748bab76e9e6a9da7e117eeb4

CVE-2021-44921 (https://github.com/gpac/gpac/issues/1964): A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash.
Patch: https://github.com/gpac/gpac/commit/5b4a6417a90223f1ef6c0b41b055716f7bfbbca2

CVE-2021-44922 (https://github.com/gpac/gpac/issues/1969): A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash. Patch: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a

CVE-2021-44923 (https://github.com/gpac/gpac/issues/1962): A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash. Patch: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229

CVE-2021-44924 (https://github.com/gpac/gpac/issues/1959): An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service. Patch: https://github.com/gpac/gpac/commit/e2acb1511d1e69115141ea3080afd1cce6a15497

CVE-2021-44925 (https://github.com/gpac/gpac/issues/1967): A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash. Patch: https://github.com/gpac/gpac/commit/a5a8dbcdd95666f763fe59ab65154ae9271a18f2

CVE-2021-44926 (https://github.com/gpac/gpac/issues/1961): A null pointer dereference vulnerability exists in the gpac in the gf_node_get_tag function, which causes a segmentation fault and application crash. Patch: https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e

CVE-2021-44927 (https://github.com/gpac/gpac/issues/1960): A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash. Patch: https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92

CVE-2021-45297 (https://github.com/gpac/gpac/issues/1973): An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size.
Patch: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770

CVE-2021-45289 (https://github.com/gpac/gpac/issues/1972): A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL. Patch: https://github.com/gpac/gpac/commit/5e1f084e0c6ad2736c9913715c4abb57c554209d

CVE-2021-45291 (https://github.com/gpac/gpac/issues/1955): The gf_dump_setup function in GPAC 1.0.1 allows malicious users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. Patch: https://github.com/gpac/gpac/commit/a07c64979af592aad56bc175157b7397e43fa9cc

CVE-2021-45292 (https://github.com/gpac/gpac/issues/1958): The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. Patch: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6

CVE-2021-45288 (https://github.com/gpac/gpac/issues/1956): A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denial of Service via a crafted file in the MP4Box command. Patch: https://github.com/gpac/gpac/commit/9bbce9634cba1128aa4b96d590be578ae3ce80b3

None of these seem to have made it into a release.

CVE-2021-46038 (https://github.com/gpac/gpac/issues/2000): A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial of Service (context-dependent). Patch: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f

CVE-2021-45831 (https://github.com/gpac/gpac/issues/1990): A Null Pointer Dereference vulnerability exists in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service.
Patch: https://github.com/gpac/gpac/commit/4613a35362e15a6df90453bd632d083645e5a765

CVE-2021-46039 (https://github.com/gpac/gpac/issues/1999): A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, which causes a Denial of Service (context-dependent).

CVE-2021-46040 (https://github.com/gpac/gpac/issues/2003): A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Service (context-dependent).

CVE-2021-46041 (https://github.com/gpac/gpac/issues/2004): A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service.

CVE-2021-46042 (https://github.com/gpac/gpac/issues/2002): A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service.

CVE-2021-46043 (https://github.com/gpac/gpac/issues/2001): A Pointer Dereference Vulnerability exists in GPAC 1.0.1 in the gf_list_count function, which causes a Denial of Service.

CVE-2021-46044 (https://github.com/gpac/gpac/issues/2006): A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent).

All fixed by unreleased patch: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f

CVE-2021-46045 (https://github.com/gpac/gpac/issues/2007): GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent).

CVE-2021-46046 (https://github.com/gpac/gpac/issues/2005): A Pointer Dereference Vulnerability exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent).

CVE-2021-46047 (https://github.com/gpac/gpac/issues/2008): Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function.

CVE-2021-46049 (https://github.com/gpac/gpac/issues/2013): A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service.

CVE-2021-46051 (https://github.com/gpac/gpac/issues/2011): A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service.

CVE-2021-36412 (https://github.com/gpac/gpac/issues/1838): A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command.

CVE-2021-36414 (https://github.com/gpac/gpac/issues/1840): A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-46051 (https://github.com/gpac/gpac/issues/2011): A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service.

CVE-2021-46049 (https://github.com/gpac/gpac/issues/2013): A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service.

CVE-2021-46047 (https://github.com/gpac/gpac/issues/2008): A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function.

CVE-2021-46045 (https://github.com/gpac/gpac/issues/2007): GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent).

CVE-2021-46046 (https://github.com/gpac/gpac/issues/2005): A Pointer Dereference Vulnerability exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent).

All patched.

CVE-2020-25427 (https://github.com/gpac/gpac/issues/1406): A Null pointer dereference vulnerability exists in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service. Patched: https://github.com/gpac/gpac/commit/8e585e623b1d666b4ef736ed609264639cb27701

CVE-2021-40562 (https://github.com/gpac/gpac/issues/1901): A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service.

CVE-2021-40563 (https://github.com/gpac/gpac/issues/1892): A Segmentation fault exists caused by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service.

CVE-2021-40564 (https://github.com/gpac/gpac/issues/1898): A Segmentation fault caused by null pointer dereference vulnerability exists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service.

CVE-2021-40565 (https://github.com/gpac/gpac/issues/1902): A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service.

CVE-2021-40566 (https://github.com/gpac/gpac/issues/1887): A Segmentation fault caused by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service.

CVE-2021-40559 (https://github.com/gpac/gpac/issues/1886): A null pointer dereference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denial of service.

CVE-2021-36417 (https://github.com/gpac/gpac/issues/1846): A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file.

All patched.

CVE-2021-40572 (https://github.com/gpac/gpac/issues/1893): The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.

CVE-2021-40573 (https://github.com/gpac/gpac/issues/1891): The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.

CVE-2021-40574 (https://github.com/gpac/gpac/issues/1897): The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

CVE-2021-40575 (https://github.com/gpac/gpac/issues/1905): The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566.

CVE-2021-40576 (https://github.com/gpac/gpac/issues/1904): The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service.

CVE-2021-40569 (https://github.com/gpac/gpac/issues/1890): The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del function in box_code_meta.c, which allows attackers to cause a denial of service.

CVE-2021-40570 (https://github.com/gpac/gpac/issues/1899): The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

CVE-2021-40571 (https://github.com/gpac/gpac/issues/1895): The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

CVE-2021-40567 (https://github.com/gpac/gpac/issues/1889): Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service.

CVE-2021-40568 (https://github.com/gpac/gpac/issues/1900): A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

All patched.

CVE-2021-45760 (https://github.com/gpac/gpac/issues/1966): GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last(). This vulnerability allows attackers to cause a Denial of Service (DoS).

Fixed.

CVE-2021-45767 (https://github.com/gpac/gpac/issues/1982): GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-45764 (https://github.com/gpac/gpac/issues/1971): GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra().

CVE-2021-45762 (https://github.com/gpac/gpac/issues/1978): GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset(). This vulnerability allows attackers to cause a Denial of Service (DoS).

CVE-2021-45763 (https://github.com/gpac/gpac/issues/1974): GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial of Service (DoS).

All fixed.

CVE-2021-46311 (https://github.com/gpac/gpac/issues/2038): A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46313 (https://github.com/gpac/gpac/issues/2039): The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46234 (https://github.com/gpac/gpac/issues/2023): A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46236 (https://github.com/gpac/gpac/issues/2024): A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46237 (https://github.com/gpac/gpac/issues/2033): An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46238 (https://github.com/gpac/gpac/issues/2027): GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS).

CVE-2021-46239 (https://github.com/gpac/gpac/issues/2026): The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46240 (https://github.com/gpac/gpac/issues/2028): A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS).

All fixed in Git.

CVE-2021-4043 (https://github.com/gpac/gpac/commit/64a2e1b799352ac7d7aad1989bc06e7b0f2b01db): NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0.

CVE-2022-24249 (https://github.com/gpac/gpac/issues/2081): A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871.

CVE-2022-26967 (https://github.com/gpac/gpac/issues/2138): GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box. Fix in https://github.com/gpac/gpac/commit/ea1eca00fd92fa17f0e25ac25652622924a9a6a0

(In reply to John Helmert III from comment #28)
> CVE-2022-26967 (https://github.com/gpac/gpac/issues/2138):
>
> GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be
> triggered via MP4Box.
>
> Fix in
> https://github.com/gpac/gpac/commit/ea1eca00fd92fa17f0e25ac25652622924a9a6a0

Popping this one into another bug. The other issues are fixed in 2.0.0, this one isn't.

CVE-2022-24577 (https://huntr.dev/bounties/0758b3a2-8ff2-45fc-8543-7633d605d24e/): GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ().

CVE-2022-24574 (https://huntr.dev/bounties/a08437cc-25aa-4116-8069-816f78a2247c/): GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra ().

CVE-2022-24575 (https://github.com/gpac/gpac/issues/2058): GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box.

CVE-2022-24576 (https://github.com/gpac/gpac/issues/2061): GPAC 1.0.1 is affected by Use After Free through MP4Box.

CVE-2022-24578 (https://huntr.dev/bounties/1691cca3-ab54-4259-856b-751be2395b11/): GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c.

All also fixed in 2.0.0.

CVE-2022-27145 (https://github.com/gpac/gpac/issues/2108): GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.

CVE-2022-27146 (https://github.com/gpac/gpac/issues/2120): GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.

CVE-2022-27147 (https://github.com/gpac/gpac/issues/2109): GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.

CVE-2022-27148 (https://github.com/gpac/gpac/issues/2067): GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.

Please cleanup

CVE-2021-40592 (https://github.com/gpac/gpac/issues/1876): https://github.com/gpac/gpac/commit/71460d72ec07df766dab0a4d52687529f3efcf0a GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.

Fix in 2.0.

CVE-2021-41458 (https://github.com/gpac/gpac/issues/1910): In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability.

CVE-2021-40606 (https://github.com/gpac/gpac/issues/1885): The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.

CVE-2021-40607 (https://github.com/gpac/gpac/issues/1879): The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.

CVE-2021-40608 (https://github.com/gpac/gpac/issues/1883): The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.

CVE-2021-40609 (https://github.com/gpac/gpac/issues/1894): The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.

CVE-2021-40944 (https://github.com/gpac/gpac/issues/1906): In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS).

CVE-2021-40942 (https://github.com/gpac/gpac/issues/1908): In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS).

commit 34727a187d85745de1ba11622427e9b8a3df21bf
Author: Matt Turner <mattst88@gentoo.org>
Date: Sat Nov 12 12:29:30 2022 -0500

media-video/gpac: Drop old versions

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3153e5acf29c348ac328b96bc727680297418e3c

commit 3153e5acf29c348ac328b96bc727680297418e3c
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-10 05:56:40 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-10 05:56:50 +0000

[ GLSA 202408-21 ] GPAC: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/785649
Bug: https://bugs.gentoo.org/835341
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

glsa-202408-21.xml | 258 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 258 insertions(+)