Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-46927[0]:
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-
| overflow in gf_isom_use_compact_size
| gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.

https://github.com/gpac/gpac/issues/2657
https://github.com/gpac/gpac/commit/a7b467b151d9b54badbc4dd71e7a366b7c391817

CVE-2023-46928[1]:
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box
| in gf_media_change_pl
| /afltest/gpac/src/media_tools/isom_tools.c:3293:42.

https://github.com/gpac/gpac/issues/2661
https://github.com/gpac/gpac/commit/0753bf6d867343a80a044bf47a27d0b7accc8bf1

CVE-2023-46930[2]:
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box
| in gf_isom_find_od_id_for_track
| /afltest/gpac/src/isomedia/media_odf.c:522:14.

https://github.com/gpac/gpac/issues/2666
https://github.com/gpac/gpac/commit/3809955065afa3da1ad580012ec43deadbb0f2c8

CVE-2023-46931[3]:
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-
| overflow in ffdmx_parse_side_data
| /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.

https://github.com/gpac/gpac/issues/2664
https://github.com/gpac/gpac/commit/671976fccc971b3dff8d3dcf6ebd600472ca64bf

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-46927
    https://www.cve.org/CVERecord?id=CVE-2023-46927
[1] https://security-tracker.debian.org/tracker/CVE-2023-46928
    https://www.cve.org/CVERecord?id=CVE-2023-46928
[2] https://security-tracker.debian.org/tracker/CVE-2023-46930
    https://www.cve.org/CVERecord?id=CVE-2023-46930
[3] https://security-tracker.debian.org/tracker/CVE-2023-46931
    https://www.cve.org/CVERecord?id=CVE-2023-46931

Please adjust the affected versions in the BTS as needed.