907256 – (CVE-2023-2837, CVE-2023-2838, CVE-2023-2839, CVE-2023-2840, CVE-2023-3012, CVE-2023-3013, CVE-2023-3291, CVE-2023-3523, CVE-2023-37174, CVE-2023-37765, CVE-2023-37766, CVE-2023-37767, CVE-2023-39562, CVE-2023-41000, CVE-2023-42298, CVE-2023-4678, CVE-2023-4681, CVE-2023-4682, CVE-2023-4683, CVE-2023-46927, CVE-2023-46928, CVE-2023-46930, CVE-2023-46931, CVE-2023-4720, CVE-2023-4721, CVE-2023-4722, CVE-2023-4754, CVE-2023-4755, CVE-2023-4756, CVE-2023-4758, CVE-2023-4778, CVE-2023-48014, CVE-2023-5377, CVE-2023-5520, CVE-2023-5586, CVE-2023-5595) media-video/gpac: multiple vulnerabilities

Bug 907256 (CVE-2023-2837, CVE-2023-2838, CVE-2023-2839, CVE-2023-2840, CVE-2023-3012, CVE-2023-3013, CVE-2023-3291, CVE-2023-3523, CVE-2023-37174, CVE-2023-37765, CVE-2023-37766, CVE-2023-37767, CVE-2023-39562, CVE-2023-41000, CVE-2023-42298, CVE-2023-4678, CVE-2023-4681, CVE-2023-4682, CVE-2023-4683, CVE-2023-46927, CVE-2023-46928, CVE-2023-46930, CVE-2023-46931, CVE-2023-4720, CVE-2023-4721, CVE-2023-4722, CVE-2023-4754, CVE-2023-4755, CVE-2023-4756, CVE-2023-4758, CVE-2023-4778, CVE-2023-48014, CVE-2023-5377, CVE-2023-5520, CVE-2023-5586, CVE-2023-5595) - media-video/gpac: multiple vulnerabilities

Summary: media-video/gpac: multiple vulnerabilities

Status:	CONFIRMED

Alias:	CVE-2023-2837, CVE-2023-2838, CVE-2023-2839, CVE-2023-2840, CVE-2023-3012, CVE-2023-3013, CVE-2023-3291, CVE-2023-3523, CVE-2023-37174, CVE-2023-37765, CVE-2023-37766, CVE-2023-37767, CVE-2023-39562, CVE-2023-41000, CVE-2023-42298, CVE-2023-4678, CVE-2023-4681, CVE-2023-4682, CVE-2023-4683, CVE-2023-46927, CVE-2023-46928, CVE-2023-46930, CVE-2023-46931, CVE-2023-4720, CVE-2023-4721, CVE-2023-4722, CVE-2023-4754, CVE-2023-4755, CVE-2023-4756, CVE-2023-4758, CVE-2023-4778, CVE-2023-48014, CVE-2023-5377, CVE-2023-5520, CVE-2023-5586, CVE-2023-5595

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [upstream/ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2023-05-27 19:25 UTC by John Helmert III
Modified:	2023-11-17 02:53 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2023-05-27 19:25:35 UTC

CVE-2023-2839:

Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.

Patch: https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac

CVE-2023-2840:

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.

Patch: https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a37

CVE-2023-2837:

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.

Patch: https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611

CVE-2023-2838:

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

Patch: https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba

Comment 1 John Helmert III archtester

2023-06-04 03:26:06 UTC

CVE-2023-3012 (https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7):

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-3013 (https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594):

Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.

Patches not yet in any release.

Comment 2 John Helmert III archtester

2023-11-05 18:49:15 UTC

CVE-2023-46927 (https://github.com/gpac/gpac/issues/2657):

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.

CVE-2023-46928 (https://github.com/gpac/gpac/issues/2661):

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.

CVE-2023-46930 (https://github.com/gpac/gpac/issues/2666):

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.

CVE-2023-46931 (https://github.com/gpac/gpac/issues/2664):

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.

CVE-2023-5595 (https://github.com/gpac/gpac/commit/7a6f636db3360bb16d18078d51e8c596f31302a1):

Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.

CVE-2023-5586 (https://github.com/gpac/gpac/commit/ca1b48f0abe71bf81a58995d7d75dc27f5a17ddc):

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.

CVE-2023-42298 (https://github.com/gpac/gpac/issues/2567):

An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c.

CVE-2023-5520 (https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e):

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-5377 (https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce):

Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.

CVE-2023-41000 (https://github.com/gpac/gpac/issues/2550):

GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.

CVE-2023-4778 (https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed):

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2023-4758 (https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86):

Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2023-4755 (https://github.com/gpac/gpac/commit/895ac12da168435eb8db3f96978ffa4c69d66c3a):

Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2023-4754 (https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0):

Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2023-4756 (https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01):

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2023-4720 (https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a):

Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2023-4721 (https://github.com/gpac/gpac/commit/3ec93d73d048ed7b46fe6e9f307cc7a0cc13db63):

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2023-4722 (https://github.com/gpac/gpac/commit/de7f3a852bef72a52825fd307cf4e8f486401a76):

Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2023-4678 (https://github.com/gpac/gpac/commit/4607052c482a51dbdacfe1ade10645c181d07b07):

Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2023-4681 (https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c):

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2023-4682 (https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be):

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2023-4683 (https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec):

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2023-39562 (https://github.com/gpac/gpac/issues/2537):

GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.

CVE-2023-37174 (https://github.com/gpac/gpac/issues/2505):

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.

CVE-2023-37765 (https://github.com/gpac/gpac/issues/2515):

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.

CVE-2023-37766 (https://github.com/gpac/gpac/issues/2516):

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.

CVE-2023-37767 (https://github.com/gpac/gpac/issues/2514):

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.

CVE-2023-3523 (https://github.com/gpac/gpac/commit/64201a26476c12a7dbd7ffb5757743af6954db96):

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-3291 (https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf):

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.

All appear fixed in master, but not in any release.

Comment 3 Jarkko Suominen 2023-11-16 06:42:26 UTC

A new vulnerability was discovered in v2.3-DEV-rev566-g50c2ab06f-master. 

https ://www.cve.org/CVERecord?id=CVE-2023-48014
https ://github.com/gpac/gpac/issues/2613

This has been already patched in master but is not included in any release yet:
https ://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b

(Sorry for broken links, this account does not have permission to post links)