| Summary: | <media-video/gpac-2.2.0: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | | |
| Severity: | normal | CC: | aballier, media-video |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/gpac/gpac/issues/2138 | | |
| Whiteboard: | B2 [stable glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 941695 | | |
| Bug Blocks: | | | |
Description
John Helmert III
CVE-2022-1035 (https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243): Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV.

CVE-2022-1172 (https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8): Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.

CVE-2022-1222 (https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1): Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.

CVE-2022-29537 (https://github.com/gpac/gpac/issues/2173): gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box.

CVE-2022-1441 (https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb): MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow.

CVE-2022-29339 (https://github.com/gpac/gpac/issues/2165): https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.

CVE-2022-29340 (https://github.com/gpac/gpac/issues/2163): https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0 GPAC 2.1-DEV-rev87-g053aae8-master has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.
CVE-2022-1795 (https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc): Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. Patch: https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514

CVE-2022-30976 (https://github.com/gpac/gpac/issues/2179): GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box. Patch: https://github.com/gpac/gpac/commit/915e2cba715f36b7cc29e28888117831ca143d78

CVE-2022-2453 (https://huntr.dev/bounties/c8c964de-046a-41b2-9ff5-e25cfdb36b5a): https://github.com/gpac/gpac/commit/dc7de8d3d604426c7a6e628d90cb9fb88e7b4c2c Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.

CVE-2022-2454 (https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096): https://huntr.dev/bounties/105d40d0-46d7-461e-9f8e-20c4cdea925f Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV.

CVE-2022-2549 (https://github.com/gpac/gpac/commit/0102c5d4db7fdbf08b5b591b2a6264de33867a07): https://huntr.dev/bounties/c93083dc-177c-4ba0-ba83-9d7fb29a5537 NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV.

CVE-2022-36186 (https://github.com/gpac/gpac/issues/2223): A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250, which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1.

CVE-2022-36190 (https://github.com/gpac/gpac/issues/2220): GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.

Both patched.

CVE-2022-36191 (https://github.com/gpac/gpac/issues/2218): A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box.
This vulnerability was fixed in commit fef6242.

CVE-2022-38530 (https://github.com/gpac/gpac/issues/2216): GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD.

CVE-2022-3178 (https://huntr.dev/bounties/f022fc50-3dfd-450a-ab47-3d75d2bf44c0): https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3 Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.

CVE-2022-3222 (https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235): Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. Patch: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf

CVE-2022-43039 (https://github.com/gpac/gpac/issues/2281): GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.

CVE-2022-43040 (https://github.com/gpac/gpac/issues/2280): GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.

CVE-2022-43042 (https://github.com/gpac/gpac/issues/2278): GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.

CVE-2022-43043 (https://github.com/gpac/gpac/issues/2276): GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.

CVE-2022-43044 (https://github.com/gpac/gpac/issues/2282): GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.

CVE-2022-43045 (https://github.com/gpac/gpac/issues/2277): GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.

All have patch linked.
CVE-2022-43254 (https://github.com/gpac/gpac/issues/2284): GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c.

CVE-2022-43255 (https://github.com/gpac/gpac/issues/2285): GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.

Both patched.

CVE-2022-3957 (https://github.com/gpac/gpac/commit/2191e66aa7df750e8ef01781b1930bea87b713bb): A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.

CVE-2022-45343 (https://github.com/gpac/gpac/issues/2315): GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.

CVE-2022-4202 (https://drive.google.com/file/d/1HVWa6IpAbvsMS5rx091RfjUB4GfXrMLE/view): https://vuldb.com/?id.214518 A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214518 is the identifier assigned to this vulnerability.

CVE-2022-45202 (https://github.com/gpac/gpac/issues/2296): GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.
CVE-2022-45204 (https://github.com/gpac/gpac/issues/2307): GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.

All except -4202 have a public patch at the above references. VulDB seems to be a CVE farm designed to market CVEs as catastrophically as possible, so I can't find a clear reference to any upstream report or patch for it.

(In reply to John Helmert III from comment #19)
> CVE-2022-45343 (https://github.com/gpac/gpac/issues/2315):
>
> GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap
> use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.
>
> CVE-2022-4202
> (https://drive.google.com/file/d/1HVWa6IpAbvsMS5rx091RfjUB4GfXrMLE/view):
> https://vuldb.com/?id.214518
>
> A vulnerability, which was classified as problematic, was found in GPAC
> 2.1-DEV-rev490-g68064e101-master. Affected is the function
> lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to
> integer overflow. It is possible to launch the attack remotely. The exploit
> has been disclosed to the public and may be used. VDB-214518 is the
> identifier assigned to this vulnerability.

Reported upstream at: https://github.com/gpac/gpac/issues/2333

CVE-2022-45283 (https://github.com/gpac/gpac/issues/2295): GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c.

Patch available as usual

(In reply to John Helmert III from comment #20)
> (In reply to John Helmert III from comment #19)
> > CVE-2022-45343 (https://github.com/gpac/gpac/issues/2315):
> >
> > GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap
> > use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.
> >
> > CVE-2022-4202
> > (https://drive.google.com/file/d/1HVWa6IpAbvsMS5rx091RfjUB4GfXrMLE/view):
> > https://vuldb.com/?id.214518
> >
> > A vulnerability, which was classified as problematic, was found in GPAC
> > 2.1-DEV-rev490-g68064e101-master. Affected is the function
> > lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to
> > integer overflow. It is possible to launch the attack remotely. The exploit
> > has been disclosed to the public and may be used. VDB-214518 is the
> > identifier assigned to this vulnerability.
>
> Reported upstream at: https://github.com/gpac/gpac/issues/2333

Fixed with: https://github.com/gpac/gpac/commit/b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908

gpac 2.2.0 is released.

CVE-2022-47661 (https://github.com/gpac/gpac/issues/2358): GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes

CVE-2022-47662 (https://github.com/gpac/gpac/issues/2359): GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662

CVE-2022-47663 (https://github.com/gpac/gpac/issues/2360): GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609

CVE-2022-47656 (https://github.com/gpac/gpac/issues/2353): GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273

CVE-2022-47657 (https://github.com/gpac/gpac/issues/2355): GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662

CVE-2022-47658 (https://github.com/gpac/gpac/issues/2356): GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039

CVE-2022-47659 (https://github.com/gpac/gpac/issues/2354): GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data

CVE-2022-47660 (https://github.com/gpac/gpac/issues/2357): GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 has an integer overflow in isomedia/isom_write.c

CVE-2022-47653 (https://github.com/gpac/gpac/issues/2349): GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113

CVE-2022-47654 (https://github.com/gpac/gpac/issues/2350): GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261

CVE-2022-46489 (https://github.com/gpac/gpac/issues/2328): GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.

CVE-2022-46490 (https://github.com/gpac/gpac/issues/2327): GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.

CVE-2022-47086 (https://github.com/gpac/gpac/issues/2337): GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c

CVE-2022-47087 (https://github.com/gpac/gpac/issues/2339): GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c

CVE-2022-47088 (https://github.com/gpac/gpac/issues/2340): GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.

CVE-2022-47089 (https://github.com/gpac/gpac/issues/2338): GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c

CVE-2022-47091 (https://github.com/gpac/gpac/issues/2343): GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c

CVE-2022-47092 (https://github.com/gpac/gpac/issues/2347): GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains an Integer overflow vulnerability in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316

CVE-2022-47093 (https://github.com/gpac/gpac/issues/2344): GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid

CVE-2022-47094 (https://github.com/gpac/gpac/issues/2345): GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid

CVE-2022-47095 (https://github.com/gpac/gpac/issues/2346): GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c

These all seem to be in 2.2.0. I wonder if we should just drop gpac given how bad this situation is. It only has revdeps behind USE flags.
commit 909822b6b67aed377cfcc99407e52eb7e3aa9565
Author: Alexis Ballier <aballier@gentoo.org>
Date: Wed Mar 29 17:57:15 2023 +0200

media-video/gpac: bump to 2.2.0

Signed-off-by: Alexis Ballier <aballier@gentoo.org>

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3153e5acf29c348ac328b96bc727680297418e3c

commit 3153e5acf29c348ac328b96bc727680297418e3c
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-10 05:56:40 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-10 05:56:50 +0000

[ GLSA 202408-21 ] GPAC: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/785649
Bug: https://bugs.gentoo.org/835341
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

glsa-202408-21.xml | 258 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 258 insertions(+)