Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 785649 (CVE-2020-22673, CVE-2020-22674, CVE-2020-22675, CVE-2020-22677, CVE-2020-22678, CVE-2020-22679, CVE-2020-25427, CVE-2020-35979, CVE-2020-35980, CVE-2020-35981, CVE-2020-35982, CVE-2021-21834, CVE-2021-21835, CVE-2021-21836, CVE-2021-21837, CVE-2021-21838, CVE-2021-21839, CVE-2021-21840, CVE-2021-21841, CVE-2021-21842, CVE-2021-21843, CVE-2021-21844, CVE-2021-21845, CVE-2021-21846, CVE-2021-21847, CVE-2021-21848, CVE-2021-21849, CVE-2021-21850, CVE-2021-21851, CVE-2021-21852, CVE-2021-21853, CVE-2021-21854, CVE-2021-21855, CVE-2021-21856, CVE-2021-21857, CVE-2021-21858, CVE-2021-21859, CVE-2021-21860, CVE-2021-21861, CVE-2021-21862, CVE-2021-30014, CVE-2021-30015, CVE-2021-30019, CVE-2021-30020, CVE-2021-30022, CVE-2021-30199, CVE-2021-31254, CVE-2021-31255, CVE-2021-31256, CVE-2021-31257, CVE-2021-31258, CVE-2021-31259, CVE-2021-31260, CVE-2021-31261, CVE-2021-31262, CVE-2021-32132, CVE-2021-32134, CVE-2021-32135, CVE-2021-32136, CVE-2021-32137, CVE-2021-32138, CVE-2021-32139, CVE-2021-32437, CVE-2021-32438, CVE-2021-32439, CVE-2021-32440, CVE-2021-33361, CVE-2021-33362, CVE-2021-33363, CVE-2021-33364, CVE-2021-33365, CVE-2021-33366, CVE-2021-36412, CVE-2021-36414, CVE-2021-36417, CVE-2021-36584, CVE-2021-4043, CVE-2021-40559, CVE-2021-40562, CVE-2021-40563, CVE-2021-40564, CVE-2021-40565, CVE-2021-40566, CVE-2021-40567, CVE-2021-40568, CVE-2021-40569, CVE-2021-40570, CVE-2021-40571, CVE-2021-40572, CVE-2021-40573, CVE-2021-40574, CVE-2021-40575, CVE-2021-40576, CVE-2021-40592, CVE-2021-40606, CVE-2021-40607, CVE-2021-40608, CVE-2021-40609, CVE-2021-40942, CVE-2021-40944, CVE-2021-41456, CVE-2021-41457, CVE-2021-41458, CVE-2021-41459, CVE-2021-44918, CVE-2021-44919, CVE-2021-44920, CVE-2021-44921, CVE-2021-44922, CVE-2021-44923, CVE-2021-44924, CVE-2021-44925, CVE-2021-44926, CVE-2021-44927, CVE-2021-45258, CVE-2021-45259, CVE-2021-45260, CVE-2021-45262, CVE-2021-45263, CVE-2021-45266, CVE-2021-45267, CVE-2021-45288, CVE-2021-45289, CVE-2021-45291, CVE-2021-45292, CVE-2021-45297, CVE-2021-45760, CVE-2021-45762, CVE-2021-45763, CVE-2021-45764, CVE-2021-45767, CVE-2021-45831, CVE-2021-46038, CVE-2021-46039, CVE-2021-46040, CVE-2021-46041, CVE-2021-46042, CVE-2021-46043, CVE-2021-46044, CVE-2021-46045, CVE-2021-46046, CVE-2021-46047, CVE-2021-46049, CVE-2021-46051, CVE-2021-46234, CVE-2021-46236, CVE-2021-46237, CVE-2021-46238, CVE-2021-46239, CVE-2021-46240, CVE-2021-46311, CVE-2021-46313, CVE-2022-24249, CVE-2022-24574, CVE-2022-24575, CVE-2022-24576, CVE-2022-24577, CVE-2022-24578, CVE-2022-27145, CVE-2022-27146, CVE-2022-27147, CVE-2022-27148) - <media-video/gpac-2.0.0: Multiple vulnerabilities
Summary: <media-video/gpac-2.0.0: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2020-22673, CVE-2020-22674, CVE-2020-22675, CVE-2020-22677, CVE-2020-22678, CVE-2020-22679, CVE-2020-25427, CVE-2020-35979, CVE-2020-35980, CVE-2020-35981, CVE-2020-35982, CVE-2021-21834, CVE-2021-21835, CVE-2021-21836, CVE-2021-21837, CVE-2021-21838, CVE-2021-21839, CVE-2021-21840, CVE-2021-21841, CVE-2021-21842, CVE-2021-21843, CVE-2021-21844, CVE-2021-21845, CVE-2021-21846, CVE-2021-21847, CVE-2021-21848, CVE-2021-21849, CVE-2021-21850, CVE-2021-21851, CVE-2021-21852, CVE-2021-21853, CVE-2021-21854, CVE-2021-21855, CVE-2021-21856, CVE-2021-21857, CVE-2021-21858, CVE-2021-21859, CVE-2021-21860, CVE-2021-21861, CVE-2021-21862, CVE-2021-30014, CVE-2021-30015, CVE-2021-30019, CVE-2021-30020, CVE-2021-30022, CVE-2021-30199, CVE-2021-31254, CVE-2021-31255, CVE-2021-31256, CVE-2021-31257, CVE-2021-31258, CVE-2021-31259, CVE-2021-31260, CVE-2021-31261, CVE-2021-31262, CVE-2021-32132, CVE-2021-32134, CVE-2021-32135, CVE-2021-32136, CVE-2021-32137, CVE-2021-32138, CVE-2021-32139, CVE-2021-32437, CVE-2021-32438, CVE-2021-32439, CVE-2021-32440, CVE-2021-33361, CVE-2021-33362, CVE-2021-33363, CVE-2021-33364, CVE-2021-33365, CVE-2021-33366, CVE-2021-36412, CVE-2021-36414, CVE-2021-36417, CVE-2021-36584, CVE-2021-4043, CVE-2021-40559, CVE-2021-40562, CVE-2021-40563, CVE-2021-40564, CVE-2021-40565, CVE-2021-40566, CVE-2021-40567, CVE-2021-40568, CVE-2021-40569, CVE-2021-40570, CVE-2021-40571, CVE-2021-40572, CVE-2021-40573, CVE-2021-40574, CVE-2021-40575, CVE-2021-40576, CVE-2021-40592, CVE-2021-40606, CVE-2021-40607, CVE-2021-40608, CVE-2021-40609, CVE-2021-40942, CVE-2021-40944, CVE-2021-41456, CVE-2021-41457, CVE-2021-41458, CVE-2021-41459, CVE-2021-44918, CVE-2021-44919, CVE-2021-44920, CVE-2021-44921, CVE-2021-44922, CVE-2021-44923, CVE-2021-44924, CVE-2021-44925, CVE-2021-44926, CVE-2021-44927, CVE-2021-45258, CVE-2021-45259, CVE-2021-45260, CVE-2021-45262, CVE-2021-45263, CVE-2021-45266, CVE-2021-45267, CVE-2021-45288, CVE-2021-45289, CVE-2021-45291, CVE-2021-45292, CVE-2021-45297, CVE-2021-45760, CVE-2021-45762, CVE-2021-45763, CVE-2021-45764, CVE-2021-45767, CVE-2021-45831, CVE-2021-46038, CVE-2021-46039, CVE-2021-46040, CVE-2021-46041, CVE-2021-46042, CVE-2021-46043, CVE-2021-46044, CVE-2021-46045, CVE-2021-46046, CVE-2021-46047, CVE-2021-46049, CVE-2021-46051, CVE-2021-46234, CVE-2021-46236, CVE-2021-46237, CVE-2021-46238, CVE-2021-46239, CVE-2021-46240, CVE-2021-46311, CVE-2021-46313, CVE-2022-24249, CVE-2022-24574, CVE-2022-24575, CVE-2022-24576, CVE-2022-24577, CVE-2022-24578, CVE-2022-27145, CVE-2022-27146, CVE-2022-27147, CVE-2022-27148
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa+]
Keywords:
Depends on: 836960
Blocks:
  Show dependency tree
 
Reported: 2021-04-25 17:08 UTC by Sam James
Modified: 2024-08-10 05:57 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-04-25 17:08:16 UTC
* CVE-2020-35982

Description:
"An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c."

Bug with patch: https://github.com/gpac/gpac/issues/1660

* CVE-2020-35981

Description:
"An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c."

Bug with patch: https://github.com/gpac/gpac/issues/1659

* CVE-2020-35980

Description:
"An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c."

Bug with patch: https://github.com/gpac/gpac/issues/1661

* CVE-2020-35979

Description:
"An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c."

Bug with patch: https://github.com/gpac/gpac/issues/1662

* CVE-2021-30020

Description:
"In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop."

Bug with patch: https://github.com/gpac/gpac/issues/1722

* CVE-2021-30022

Description:
"There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash."

Bug with patch: https://github.com/gpac/gpac/issues/1720

* CVE-2021-30199

Description:
"In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash."

Bug with patch: https://github.com/gpac/gpac/issues/1728

* CVE-2021-30019

Description:
"In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy."

Bug with patch: https://github.com/gpac/gpac/issues/1723

* CVE-2021-30015

Description:
"There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal."

Bug with patch: https://github.com/gpac/gpac/issues/1719

* CVE-2021-30014

Description:
"There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash."

Bug with patch: https://github.com/gpac/gpac/issues/1721

* CVE-2021-31262

Description:
"The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command."

Bug with patch: https://github.com/gpac/gpac/issues/1738

* CVE-2021-31261

Description:
"The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command."

Bug with patch: https://github.com/gpac/gpac/issues/1737

* CVE-2021-31260

Description:
"The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command."

Bug with patch: https://github.com/gpac/gpac/issues/1736

* CVE-2021-31259

Description:
"The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command."

Bug with patch: https://github.com/gpac/gpac/issues/1735

* CVE-2021-31258

Description:
"The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command."

Bug with patch: https://github.com/gpac/gpac/issues/1706

* CVE-2021-31257

Description:
"The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command."

Bug with patch: https://github.com/gpac/gpac/issues/1734

* CVE-2021-31256

Description:
"Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file."

Bug with patch: https://github.com/gpac/gpac/issues/1705

* CVE-2021-31255

Description:
"Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file."

Bug with patch: https://github.com/gpac/gpac/issues/1733

* CVE-2021-31254

Description:
"Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes."

Bug with patch: https://github.com/gpac/gpac/issues/1703
Comment 1 NATTkA bot gentoo-dev 2021-07-29 17:22:51 UTC Comment hidden (obsolete)
Comment 2 NATTkA bot gentoo-dev 2021-07-29 17:31:09 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:39:06 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:47:15 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 18:03:13 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 18:11:31 UTC
Package list is empty or all packages have requested keywords.
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-07 02:30:29 UTC
CVE-2021-36584:

An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_builder_do_tx3g function in ietf/rtp_pck_3gpp.c, as demonstrated by MP4Box. This can cause a denial of service (DOS).

Issue/patch: https://github.com/gpac/gpac/issues/1842
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-12 03:57:07 UTC
CVE-2021-32437:

The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-32438:

The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-32439:

Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-32440:

The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
Comment 9 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-16 23:20:40 UTC
Some Cisco Talos vulnerabilities (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298):

CVE-2021-21859:

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability.

CVE-2021-21860:

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability.

CVE-2021-21861:

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
Comment 11 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-18 15:03:25 UTC
CVE-2021-32138 (https://github.com/gpac/gpac/commit/289ffce3e0d224d314f5f92a744d5fe35999f20b):

The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-32139 (https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e):

The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-33361 (https://github.com/gpac/gpac/commit/a51f951b878c2b73c1d8e2f1518c7cdc5fb82c3f):

Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

CVE-2021-33363 (https://github.com/gpac/gpac/commit/ec64c7b8966d7e4642d12debb888be5acf18efb9):

Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

CVE-2021-33365 (https://github.com/gpac/gpac/commit/984787de3d414a5f7d43d0b4584d9469dff2a5a5):

Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

CVE-2021-33366 (https://github.com/gpac/gpac/commit/0a85029d694f992f3631e2f249e4999daee15cbf):

Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

CVE-2021-33364 (https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7):

Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

CVE-2021-33362 (https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d):

Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-32132 (https://github.com/gpac/gpac/commit/e74be5976a6fee059c638050a237893f7e9a3b23):

The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-32135 (https://github.com/gpac/gpac/commit/b8f8b202d4fc23eb0ab4ce71ae96536ca6f5d3f8):

The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-32137 (https://github.com/gpac/gpac/commit/328def7d3b93847d64ecb6e9e0399684e57c3eca):

Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-32134 (https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01):

The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

CVE-2021-32136 (https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed):

Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.


All patched upstream, no release.
Comment 12 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-02 01:13:12 UTC
CVE-2021-41456:

There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.

Unreleased patch: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e

CVE-2021-41457:

There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.

Unreleased patch: https://github.com/gpac/gpac/commit/ae2828284f2fc0381548aaa991958f1eb9b90619

CVE-2021-41459:

There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.

Unreleased patch: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339
Comment 13 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-13 02:05:34 UTC
CVE-2020-22673 (https://github.com/gpac/gpac/issues/1342):

Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.

CVE-2020-22674 (https://github.com/gpac/gpac/issues/1346):

An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input.

CVE-2020-22675 (https://github.com/gpac/gpac/issues/1344):

An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

CVE-2020-22677 (https://github.com/gpac/gpac/issues/1341):

An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

CVE-2020-22678 (https://github.com/gpac/gpac/issues/1339):

An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

CVE-2020-22679 (https://github.com/gpac/gpac/issues/1345):

Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.


All fixed in 0.8.1.
Comment 14 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-23 08:11:01 UTC
CVE-2021-45260 (https://github.com/gpac/gpac/issues/1979):

A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash.
Comment 15 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-23 08:29:19 UTC
CVE-2021-45262 (https://github.com/gpac/gpac/issues/1980):

An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash.

Patch: https://github.com/gpac/gpac/commit/ef86a8eba3b166b885dec219066dd3a47501e03a

CVE-2021-45263 (https://github.com/gpac/gpac/issues/1975):

An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash.

Patch: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9

CVE-2021-45266 (https://github.com/gpac/gpac/issues/1985):

A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash.

Patch: https://github.com/gpac/gpac/commit/76b9e3f578a056fee07a4b317f5b36a83d01810e

CVE-2021-45267 (https://github.com/gpac/gpac/issues/1965):

An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash.

Patch: https://github.com/gpac/gpac/commit/29f31f431b18278b94c659452562e8a027436487

CVE-2021-45258 (https://github.com/gpac/gpac/issues/1970):

A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash.

Patch: https://github.com/gpac/gpac/commit/47a26a32c9a2cd630c48517c3e6ab2fa5f6a26ad

CVE-2021-45259 (https://github.com/gpac/gpac/issues/1986):

An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gf_svg_node_del function, which causes a segmentation fault and application crash.

Patches: https://github.com/gpac/gpac/commit/9628ba6bf3ead727dbdef4aa1e9b3a2ebc36ec58, https://github.com/gpac/gpac/commit/654c796482c2609aa736315f9273d6c5912e0a29

CVE-2021-44918 (https://github.com/gpac/gpac/issues/1968):

A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash.

Patch: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a

CVE-2021-44919 (https://github.com/gpac/gpac/issues/1963):

A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function, which causes a segmentation fault and application crash.

Patch: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229

CVE-2021-44920 (https://github.com/gpac/gpac/issues/1957):

An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash.

Patch: https://github.com/gpac/gpac/commit/339fe399e7c8eab748bab76e9e6a9da7e117eeb4

CVE-2021-44921 (https://github.com/gpac/gpac/issues/1964):

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash.

Patch: https://github.com/gpac/gpac/commit/5b4a6417a90223f1ef6c0b41b055716f7bfbbca2

CVE-2021-44922 (https://github.com/gpac/gpac/issues/1969):

A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash.

Patch: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a

CVE-2021-44923 (https://github.com/gpac/gpac/issues/1962):

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash.

Patch: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229

CVE-2021-44924 (https://github.com/gpac/gpac/issues/1959):

An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.

Patch: https://github.com/gpac/gpac/commit/e2acb1511d1e69115141ea3080afd1cce6a15497

CVE-2021-44925 (https://github.com/gpac/gpac/issues/1967):

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash.

Patch: https://github.com/gpac/gpac/commit/a5a8dbcdd95666f763fe59ab65154ae9271a18f2

CVE-2021-44926 (https://github.com/gpac/gpac/issues/1961):

A null pointer dereference vulnerability exists in the gpac in the gf_node_get_tag function, which causes a segmentation fault and application crash.

Patch: https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e

CVE-2021-44927 (https://github.com/gpac/gpac/issues/1960):

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash.

Patch: https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92

CVE-2021-45297 (https://github.com/gpac/gpac/issues/1973):

An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size.

Patch: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770

CVE-2021-45289 (https://github.com/gpac/gpac/issues/1972):

A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL.

Patch: https://github.com/gpac/gpac/commit/5e1f084e0c6ad2736c9913715c4abb57c554209d

CVE-2021-45291 (https://github.com/gpac/gpac/issues/1955):

The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.

Patch: https://github.com/gpac/gpac/commit/a07c64979af592aad56bc175157b7397e43fa9cc

CVE-2021-45292 (https://github.com/gpac/gpac/issues/1958):

The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.

Patch: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6

CVE-2021-45288 (https://github.com/gpac/gpac/issues/1956):

A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP4Box command.

Patch: https://github.com/gpac/gpac/commit/9bbce9634cba1128aa4b96d590be578ae3ce80b3


None of these seem to have made it into a release.
Comment 16 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-06 07:55:42 UTC
CVE-2021-46038 (https://github.com/gpac/gpac/issues/2000):

A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial of Service (context-dependent).

Patch: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f

CVE-2021-45831 (https://github.com/gpac/gpac/issues/1990):

A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service.

Patch: https://github.com/gpac/gpac/commit/4613a35362e15a6df90453bd632d083645e5a765
Comment 17 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-07 05:04:26 UTC
CVE-2021-46039 (https://github.com/gpac/gpac/issues/1999):

A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, which causes a Denial of Service (context-dependent).

CVE-2021-46040 (https://github.com/gpac/gpac/issues/2003):

A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Servie (context-dependent).

CVE-2021-46041 (https://github.com/gpac/gpac/issues/2004):

A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service.

CVE-2021-46042 (https://github.com/gpac/gpac/issues/2002):

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service.

CVE-2021-46043 (https://github.com/gpac/gpac/issues/2001):

A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list_count function, which causes a Denial of Service.

CVE-2021-46044 (https://github.com/gpac/gpac/issues/2006):

A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent).

All fixed by unreleased patch: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
Comment 18 filip ambroz 2022-01-10 17:23:40 UTC
CVE-2021-46045 (https://github.com/gpac/gpac/issues/2007):

GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent).

CVE-2021-46046 (https://github.com/gpac/gpac/issues/2005):

A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent).

CVE-2021-46047 (https://github.com/gpac/gpac/issues/2008):

Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function.

CVE-2021-46049 (https://github.com/gpac/gpac/issues/2013):

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service.

CVE-2021-46051 (https://github.com/gpac/gpac/issues/2011):

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service.
Comment 19 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-11 03:30:01 UTC
CVE-2021-36412 (https://github.com/gpac/gpac/issues/1838):

A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command,

CVE-2021-36414 (https://github.com/gpac/gpac/issues/1840):

A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-46051 (https://github.com/gpac/gpac/issues/2011):

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service. .

CVE-2021-46049 (https://github.com/gpac/gpac/issues/2013):

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service.

CVE-2021-46047 (https://github.com/gpac/gpac/issues/2008):

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function.

CVE-2021-46045 (https://github.com/gpac/gpac/issues/2007):

GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent).

CVE-2021-46046 (https://github.com/gpac/gpac/issues/2005):

A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent).

All patched.
Comment 20 filip ambroz 2022-01-11 08:05:28 UTC
CVE-2020-25427 (https://github.com/gpac/gpac/issues/1406):

A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.

Patched: https://github.com/gpac/gpac/commit/8e585e623b1d666b4ef736ed609264639cb27701
Comment 21 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-13 02:03:46 UTC
CVE-2021-40562 (https://github.com/gpac/gpac/issues/1901):

A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service.

CVE-2021-40563 (https://github.com/gpac/gpac/issues/1892):

A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service.

CVE-2021-40564 (https://github.com/gpac/gpac/issues/1898):

A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service.

CVE-2021-40565 (https://github.com/gpac/gpac/issues/1902):

A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service.

CVE-2021-40566 (https://github.com/gpac/gpac/issues/1887):

A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service.

CVE-2021-40559 (https://github.com/gpac/gpac/issues/1886):

A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service.

CVE-2021-36417 (https://github.com/gpac/gpac/issues/1846):

A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file.


All patched.
Comment 22 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-13 22:45:36 UTC
CVE-2021-40572 (https://github.com/gpac/gpac/issues/1893):

The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.

CVE-2021-40573 (https://github.com/gpac/gpac/issues/1891):

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.

CVE-2021-40574 (https://github.com/gpac/gpac/issues/1897):

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

CVE-2021-40575 (https://github.com/gpac/gpac/issues/1905):

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566.

CVE-2021-40576 (https://github.com/gpac/gpac/issues/1904):

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service.

CVE-2021-40569 (https://github.com/gpac/gpac/issues/1890):

The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service.

CVE-2021-40570 (https://github.com/gpac/gpac/issues/1899):

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

CVE-2021-40571 (https://github.com/gpac/gpac/issues/1895):

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

CVE-2021-40567 (https://github.com/gpac/gpac/issues/1889):

Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service.

CVE-2021-40568 (https://github.com/gpac/gpac/issues/1900):

A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.


All patched.
Comment 23 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-14 05:20:04 UTC
CVE-2021-45760 (https://github.com/gpac/gpac/issues/1966):

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last(). This vulnerability allows attackers to cause a Denial of Service (DoS).

Fixed.
Comment 24 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-14 22:42:08 UTC
CVE-2021-45767 (https://github.com/gpac/gpac/issues/1982):

GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-45764 (https://github.com/gpac/gpac/issues/1971):

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra().

CVE-2021-45762 (https://github.com/gpac/gpac/issues/1978):

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset(). This vulnerability allows attackers to cause a Denial of Service (DoS).

CVE-2021-45763 (https://github.com/gpac/gpac/issues/1974):

GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial of Service (DoS).


All fixed.
Comment 25 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-22 04:12:51 UTC
CVE-2021-46311 (https://github.com/gpac/gpac/issues/2038):

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46313 (https://github.com/gpac/gpac/issues/2039):

The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46234 (https://github.com/gpac/gpac/issues/2023):

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46236 (https://github.com/gpac/gpac/issues/2024):

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46237 (https://github.com/gpac/gpac/issues/2033):

An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46238 (https://github.com/gpac/gpac/issues/2027):

GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS).

CVE-2021-46239 (https://github.com/gpac/gpac/issues/2026):

The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46240 (https://github.com/gpac/gpac/issues/2028):

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS).

All fixed in Git.
Comment 26 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-05 04:22:20 UTC
CVE-2021-4043 (https://github.com/gpac/gpac/commit/64a2e1b799352ac7d7aad1989bc06e7b0f2b01db):

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0.
Comment 27 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-05 04:30:25 UTC
CVE-2022-24249 (https://github.com/gpac/gpac/issues/2081):

A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871.
Comment 28 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-13 13:21:44 UTC
CVE-2022-26967 (https://github.com/gpac/gpac/issues/2138):

GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.

Fix in https://github.com/gpac/gpac/commit/ea1eca00fd92fa17f0e25ac25652622924a9a6a0
Comment 29 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-15 15:40:37 UTC
(In reply to John Helmert III from comment #28)
> CVE-2022-26967 (https://github.com/gpac/gpac/issues/2138):
> 
> GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be
> triggered via MP4Box.
> 
> Fix in
> https://github.com/gpac/gpac/commit/ea1eca00fd92fa17f0e25ac25652622924a9a6a0

Popping this one into another bug. The other issues are fixed in 2.0.0, this one isn't.
Comment 30 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-15 15:58:11 UTC
CVE-2022-24577 (https://huntr.dev/bounties/0758b3a2-8ff2-45fc-8543-7633d605d24e/):

GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ().

CVE-2022-24574 (https://huntr.dev/bounties/a08437cc-25aa-4116-8069-816f78a2247c/):

GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra ().

CVE-2022-24575 (https://github.com/gpac/gpac/issues/2058):

GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box.

CVE-2022-24576 (https://github.com/gpac/gpac/issues/2061):

GPAC 1.0.1 is affected by Use After Free through MP4Box.

CVE-2022-24578 (https://huntr.dev/bounties/1691cca3-ab54-4259-856b-751be2395b11/):

GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c.

All also fixed in 2.0.0.
Comment 31 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-09 17:28:42 UTC
CVE-2022-27145 (https://github.com/gpac/gpac/issues/2108):

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.

CVE-2022-27146 (https://github.com/gpac/gpac/issues/2120):

GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.

CVE-2022-27147 (https://github.com/gpac/gpac/issues/2109):

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.

CVE-2022-27148 (https://github.com/gpac/gpac/issues/2067):

GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.
Comment 32 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-11 02:18:34 UTC
Please cleanup
Comment 33 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-09 02:50:30 UTC
CVE-2021-40592 (https://github.com/gpac/gpac/issues/1876):
https://github.com/gpac/gpac/commit/71460d72ec07df766dab0a4d52687529f3efcf0a

GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.

Fix in 2.0.
Comment 34 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-18 19:08:58 UTC
CVE-2021-41458 (https://github.com/gpac/gpac/issues/1910):

In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability.
Comment 35 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-05 02:07:14 UTC
CVE-2021-40606 (https://github.com/gpac/gpac/issues/1885):

The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.

CVE-2021-40607 (https://github.com/gpac/gpac/issues/1879):

The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.

CVE-2021-40608 (https://github.com/gpac/gpac/issues/1883):

The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.

CVE-2021-40609 (https://github.com/gpac/gpac/issues/1894):

The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.

CVE-2021-40944 (https://github.com/gpac/gpac/issues/1906):

In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS).

CVE-2021-40942 (https://github.com/gpac/gpac/issues/1908):

In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS).
Comment 36 Hans de Graaff gentoo-dev Security 2023-10-05 13:16:53 UTC
commit 34727a187d85745de1ba11622427e9b8a3df21bf
Author: Matt Turner <mattst88@gentoo.org>
Date:   Sat Nov 12 12:29:30 2022 -0500

    media-video/gpac: Drop old versions
Comment 37 Larry the Git Cow gentoo-dev 2024-08-10 05:56:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3153e5acf29c348ac328b96bc727680297418e3c

commit 3153e5acf29c348ac328b96bc727680297418e3c
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-10 05:56:40 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-10 05:56:50 +0000

    [ GLSA 202408-21 ] GPAC: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/785649
    Bug: https://bugs.gentoo.org/835341
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-21.xml | 258 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 258 insertions(+)