Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-46927[0]:
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-
| overflow in gf_isom_use_compact_size
| gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.

https://github.com/gpac/gpac/issues/2657
https://github.com/gpac/gpac/commit/a7b467b151d9b54badbc4dd71e7a366b7c391817

CVE-2023-46928[1]:
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box
| in gf_media_change_pl
| /afltest/gpac/src/media_tools/isom_tools.c:3293:42.

https://github.com/gpac/gpac/issues/2661
https://github.com/gpac/gpac/commit/0753bf6d867343a80a044bf47a27d0b7accc8bf1

CVE-2023-46930[2]:
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box
| in gf_isom_find_od_id_for_track
| /afltest/gpac/src/isomedia/media_odf.c:522:14.

https://github.com/gpac/gpac/issues/2666
https://github.com/gpac/gpac/commit/3809955065afa3da1ad580012ec43deadbb0f2c8

CVE-2023-46931[3]:
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-
| overflow in ffdmx_parse_side_data
| /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.

https://github.com/gpac/gpac/issues/2664
https://github.com/gpac/gpac/commit/671976fccc971b3dff8d3dcf6ebd600472ca64bf

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-46927
    https://www.cve.org/CVERecord?id=CVE-2023-46927
[1] https://security-tracker.debian.org/tracker/CVE-2023-46928
    https://www.cve.org/CVERecord?id=CVE-2023-46928
[2] https://security-tracker.debian.org/tracker/CVE-2023-46930
    https://www.cve.org/CVERecord?id=CVE-2023-46930
[3] https://security-tracker.debian.org/tracker/CVE-2023-46931
    https://www.cve.org/CVERecord?id=CVE-2023-46931

Please adjust the affected versions in the BTS as needed.

Reply via email to