Bug 711262 (CVE-2018-21017, CVE-2019-13618, CVE-2019-20628, CVE-2019-20629, CVE-2019-20630, CVE-2019-20631, CVE-2019-20632, CVE-2020-6630, CVE-20202-6631) - media-video/gpac: Multiple vulnerabilities (CVE-2018-1017,CVE-2019-{0628,0629,0630,0631,0632,3618},CVE-2020-{11558,6630,6631})
Summary: media-video/gpac: Multiple vulnerabilities (CVE-2018-1017,CVE-2019-{0628,0629...
Status: IN_PROGRESS
Alias: CVE-2018-21017, CVE-2019-13618, CVE-2019-20628, CVE-2019-20629, CVE-2019-20630, CVE-2019-20631, CVE-2019-20632, CVE-2020-6630, CVE-20202-6631
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/gpac/gpac/issues/1183
Whiteboard: B4 [ebuild cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-01 23:44 UTC by Sam James (sec padawan)
Modified: 2020-04-17 03:10 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James (sec padawan) 2020-03-01 23:44:42 UTC
Description:
"GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c."

Patch: https://github.com/gpac/gpac/commit/d2371b4b204f0a3c0af51ad4e9b491144dd1225c
Comment 1 Sam James (sec padawan) 2020-03-02 15:52:25 UTC
2) CVE-2019-13618

Description:
"In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c."

Bug: https://github.com/gpac/gpac/issues/1250
Patch: https://github.com/gpac/gpac/commit/c23d54ed15a70b4543e3191e6ead5097cda0878b

(Fixed in 0.8.0).
Comment 2 Sam James (sec padawan) 2020-03-24 19:55:15 UTC
3) CVE-2019-20628

Description:
"An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file."

Bug: https://github.com/gpac/gpac/issues/1269

4) CVE-2019-20629

Description:
"An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file."

Bug: https://github.com/gpac/gpac/issues/1264

5) CVE-2019-20630

Description:
"An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file."

Bug: https://github.com/gpac/gpac/issues/1268

6) CVE-2019-20631

Description:
"An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file."

Bug: https://github.com/gpac/gpac/issues/1270

7) CVE-2019-20632

Description:
"An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file."

Bug: https://github.com/gpac/gpac/issues/1271

---
CVE claims this was all fixed <0.8.0, but some of these commits may have landed after.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2020-04-11 23:58:37 UTC
CVE-2020-6630 (ASSIGNED)
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.


CVE-2020-6631 (ASSIGNED)
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2020-04-17 03:10:57 UTC
CVE-2020-11558 (https://nvd.nist.gov/vuln/detail/CVE-2020-11558):
  An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by
  MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not
  properly decide when to make gf_isom_box_del calls. This leads to various
  use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and
  gf_isom_parse_movie_boxes.