Source: gpac
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi

Some of the CVEs in #1033116 seem to not have been addressed (and
in part were addressed in a DSA already). Here is a fresh bug for the
remaining ones.

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-0770[0]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.2.

CVE-2023-0760[1]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| V2.1.0-DEV.

CVE-2023-0358[2]:
| Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.

CVE-2023-23145[3]:
| GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a
| memory leak in lsr_read_rare_full function.

CVE-2023-23144[4]:
| Integer overflow vulnerability in function Q_DecCoordOnUnitSphere
| file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.

CVE-2023-23143[5]:
| Buffer overflow vulnerability in function avc_parse_slice in file
| media_tools/av_parsers.c. GPAC version 2.3-DEV-
| rev1-g4669ba229-master.

CVE-2022-4202[6]:
| A vulnerability, which was classified as problematic, was found in
| GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function
| lsr_translate_coords of the file laser/lsr_dec.c. The manipulation
| leads to integer overflow. It is possible to launch the attack
| remotely. The exploit has been disclosed to the public and may be
| used. The name of the patch is
| b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply
| a patch to fix this issue. VDB-214518 is the identifier assigned to
| this vulnerability.

CVE-2022-45343[7]:
| GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a
| heap use-after-free via the Q_IsTypeOn function at
| /gpac/src/bifs/unquantize.c.

CVE-2022-45283[8]:
| GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the
| smil_parse_time_list parameter at /scenegraph/svg_attributes.c.

CVE-2022-45202[9]:
| GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a
| stack overflow via the function dimC_box_read at
| isomedia/box_code_3gpp.c.

CVE-2022-43045[10]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_dump_vrml_sffield at
| /scene_manager/scene_dump.c.

CVE-2022-43044[11]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_isom_get_meta_item_info
| at /isomedia/meta.c.

CVE-2022-43043[12]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function BD_CheckSFTimeOffset at
| /bifs/field_decode.c.

CVE-2022-43042[13]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| heap buffer overflow via the function FixSDTPInTRAF at
| isomedia/isom_intern.c.

CVE-2022-43040[14]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| heap buffer overflow via the function gf_isom_box_dump_start_ex at
| /isomedia/box_funcs.c.

CVE-2022-43039[15]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function
| gf_isom_meta_restore_items_ref at /isomedia/meta.c.

CVE-2022-3222[16]:
| Uncontrolled Recursion in GitHub repository gpac/gpac prior to
| 2.1.0-DEV.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-0770
    https://www.cve.org/CVERecord?id=CVE-2023-0770
[1] https://security-tracker.debian.org/tracker/CVE-2023-0760
    https://www.cve.org/CVERecord?id=CVE-2023-0760
[2] https://security-tracker.debian.org/tracker/CVE-2023-0358
    https://www.cve.org/CVERecord?id=CVE-2023-0358
[3] https://security-tracker.debian.org/tracker/CVE-2023-23145
    https://www.cve.org/CVERecord?id=CVE-2023-23145
[4] https://security-tracker.debian.org/tracker/CVE-2023-23144
    https://www.cve.org/CVERecord?id=CVE-2023-23144
[5] https://security-tracker.debian.org/tracker/CVE-2023-23143
    https://www.cve.org/CVERecord?id=CVE-2023-23143
[6] https://security-tracker.debian.org/tracker/CVE-2022-4202
    https://www.cve.org/CVERecord?id=CVE-2022-4202
[7] https://security-tracker.debian.org/tracker/CVE-2022-45343
    https://www.cve.org/CVERecord?id=CVE-2022-45343
[8] https://security-tracker.debian.org/tracker/CVE-2022-45283
    https://www.cve.org/CVERecord?id=CVE-2022-45283
[9] https://security-tracker.debian.org/tracker/CVE-2022-45202
    https://www.cve.org/CVERecord?id=CVE-2022-45202
[10] https://security-tracker.debian.org/tracker/CVE-2022-43045
    https://www.cve.org/CVERecord?id=CVE-2022-43045
[11] https://security-tracker.debian.org/tracker/CVE-2022-43044
    https://www.cve.org/CVERecord?id=CVE-2022-43044
[12] https://security-tracker.debian.org/tracker/CVE-2022-43043
    https://www.cve.org/CVERecord?id=CVE-2022-43043
[13] https://security-tracker.debian.org/tracker/CVE-2022-43042
    https://www.cve.org/CVERecord?id=CVE-2022-43042
[14] https://security-tracker.debian.org/tracker/CVE-2022-43040
    https://www.cve.org/CVERecord?id=CVE-2022-43040
[15] https://security-tracker.debian.org/tracker/CVE-2022-43039
    https://www.cve.org/CVERecord?id=CVE-2022-43039
[16] https://security-tracker.debian.org/tracker/CVE-2022-3222
    https://www.cve.org/CVERecord?id=CVE-2022-3222

Regards,
Salvatore