Summary: | media-video/gpac: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | normal | CC: | media-video |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [upstream/ebuild] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2023-05-27 19:25:35 UTC
CVE-2023-3012 (https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7): NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. CVE-2023-3013 (https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594): Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2. Patches not yet in any release. CVE-2023-46927 (https://github.com/gpac/gpac/issues/2657): GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box. CVE-2023-46928 (https://github.com/gpac/gpac/issues/2661): GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42. CVE-2023-46930 (https://github.com/gpac/gpac/issues/2666): GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14. CVE-2023-46931 (https://github.com/gpac/gpac/issues/2664): GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box. CVE-2023-5595 (https://github.com/gpac/gpac/commit/7a6f636db3360bb16d18078d51e8c596f31302a1): Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV. CVE-2023-5586 (https://github.com/gpac/gpac/commit/ca1b48f0abe71bf81a58995d7d75dc27f5a17ddc): NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV. CVE-2023-42298 (https://github.com/gpac/gpac/issues/2567): An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c. CVE-2023-5520 (https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e): Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. CVE-2023-5377 (https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce): Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV. CVE-2023-41000 (https://github.com/gpac/gpac/issues/2550): GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c. CVE-2023-4778 (https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed): Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2023-4758 (https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86): Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2023-4755 (https://github.com/gpac/gpac/commit/895ac12da168435eb8db3f96978ffa4c69d66c3a): Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2023-4754 (https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0): Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2023-4756 (https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01): Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2023-4720 (https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a): Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2023-4721 (https://github.com/gpac/gpac/commit/3ec93d73d048ed7b46fe6e9f307cc7a0cc13db63): Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2023-4722 (https://github.com/gpac/gpac/commit/de7f3a852bef72a52825fd307cf4e8f486401a76): Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2023-4678 (https://github.com/gpac/gpac/commit/4607052c482a51dbdacfe1ade10645c181d07b07): Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2023-4681 (https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c): NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2023-4682 (https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be): Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2023-4683 (https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec): NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. CVE-2023-39562 (https://github.com/gpac/gpac/issues/2537): GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file. CVE-2023-37174 (https://github.com/gpac/gpac/issues/2505): GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c. CVE-2023-37765 (https://github.com/gpac/gpac/issues/2515): GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so. CVE-2023-37766 (https://github.com/gpac/gpac/issues/2516): GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so. CVE-2023-37767 (https://github.com/gpac/gpac/issues/2514): GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so. CVE-2023-3523 (https://github.com/gpac/gpac/commit/64201a26476c12a7dbd7ffb5757743af6954db96): Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. CVE-2023-3291 (https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf): Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. All appear fixed in master, but not in any release. A new vulnerability was discovered in v2.3-DEV-rev566-g50c2ab06f-master. https ://www.cve.org/CVERecord?id=CVE-2023-48014 https ://github.com/gpac/gpac/issues/2613 This has been already patched in master but is not included in any release yet: https ://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b (Sorry for broken links, this account does not have permission to post links) |