Bug 907256 (CVE-2023-2837, CVE-2023-2838, CVE-2023-2839, CVE-2023-2840, CVE-2023-3012, CVE-2023-3013) - media-video/gpac: multiple vulnerabilities
Summary: media-video/gpac: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2023-2837, CVE-2023-2838, CVE-2023-2839, CVE-2023-2840, CVE-2023-3012, CVE-2023-3013
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-05-27 19:25 UTC by John Helmert III
Modified: 2023-06-04 03:26 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-27 19:25:35 UTC
CVE-2023-2839:

Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.

Patch: https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac

CVE-2023-2840:

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.

Patch: https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a37

CVE-2023-2837:

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.

Patch: https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611

CVE-2023-2838:

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

Patch: https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-04 03:26:06 UTC
CVE-2023-3012 (https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7):

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-3013 (https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594):

Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.

Patches not yet in any release.