Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerabilities were published for gpac. CVE-2023-3012[0]: | NULL Pointer Dereference in GitHub repository gpac/gpac prior to | 2.2.2. https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69 https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7 CVE-2023-3013[1]: | Unchecked Return Value in GitHub repository gpac/gpac prior to | 2.2.2. https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073 https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594 CVE-2023-3291[2]: | Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to | 2.2.2. https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/ https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf CVE-2023-39562[3]: | GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a | heap-use-after-free via the gf_bs_align function at bitstream.c. | This vulnerability allows attackers to cause a Denial of Service | (DoS) via supplying a crafted file. https://github.com/gpac/gpac/issues/2537 https://github.com/gpac/gpac/commit/9024531ee8e6ae8318a8fe0cbb64710d1acc31f6 CVE-2023-4678[4]: | Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV. https://github.com/gpac/gpac/commit/4607052c482a51dbdacfe1ade10645c181d07b07 https://huntr.dev/bounties/688a4a01-8c18-469d-8cbe-a2e79e80c877 CVE-2023-4681[5]: | NULL Pointer Dereference in GitHub repository gpac/gpac prior to | 2.3-DEV. https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c https://huntr.dev/bounties/d67c5619-ab36-41cc-93b7-04828e25f60e CVE-2023-4682[6]: | Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to | 2.3-DEV. https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be https://huntr.dev/bounties/15232a74-e3b8-43f0-ae8a-4e89d56c474c CVE-2023-4683[7]: | NULL Pointer Dereference in GitHub repository gpac/gpac prior to | 2.3-DEV. https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922 CVE-2023-4720[8]: | Floating Point Comparison with Incorrect Operator in GitHub | repository gpac/gpac prior to 2.3-DEV. https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a https://huntr.dev/bounties/1dc2954c-8497-49fa-b2af-113e1e9381ad CVE-2023-4721[9]: | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. https://github.com/gpac/gpac/commit/3ec93d73d048ed7b46fe6e9f307cc7a0cc13db63 https://huntr.dev/bounties/f457dc62-3cff-47bd-8fd2-1cb2b4a832fc CVE-2023-4722[10]: | Integer Overflow or Wraparound in GitHub repository gpac/gpac prior | to 2.3-DEV. https://github.com/gpac/gpac/commit/de7f3a852bef72a52825fd307cf4e8f486401a76 https://huntr.dev/bounties/ddfdb41d-e708-4fec-afe5-68ff1f88f830 CVE-2023-4754[11]: | Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV. https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0 https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c CVE-2023-4755[12]: | Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV. https://github.com/gpac/gpac/commit/895ac12da168435eb8db3f96978ffa4c69d66c3a https://huntr.dev/bounties/463474b7-a4e8-42b6-8b30-e648a77ee6b3 CVE-2023-4756[13]: | Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to | 2.3-DEV. https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01 https://huntr.dev/bounties/2342da0e-f097-4ce7-bfdc-3ec0ba446e05 CVE-2023-4758[14]: | Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV. https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86 https://huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6 CVE-2023-4778[15]: | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/ https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-3012 https://www.cve.org/CVERecord?id=CVE-2023-3012 [1] https://security-tracker.debian.org/tracker/CVE-2023-3013 https://www.cve.org/CVERecord?id=CVE-2023-3013 [2] https://security-tracker.debian.org/tracker/CVE-2023-3291 https://www.cve.org/CVERecord?id=CVE-2023-3291 [3] https://security-tracker.debian.org/tracker/CVE-2023-39562 https://www.cve.org/CVERecord?id=CVE-2023-39562 [4] https://security-tracker.debian.org/tracker/CVE-2023-4678 https://www.cve.org/CVERecord?id=CVE-2023-4678 [5] https://security-tracker.debian.org/tracker/CVE-2023-4681 https://www.cve.org/CVERecord?id=CVE-2023-4681 [6] https://security-tracker.debian.org/tracker/CVE-2023-4682 https://www.cve.org/CVERecord?id=CVE-2023-4682 [7] https://security-tracker.debian.org/tracker/CVE-2023-4683 https://www.cve.org/CVERecord?id=CVE-2023-4683 [8] https://security-tracker.debian.org/tracker/CVE-2023-4720 https://www.cve.org/CVERecord?id=CVE-2023-4720 [9] https://security-tracker.debian.org/tracker/CVE-2023-4721 https://www.cve.org/CVERecord?id=CVE-2023-4721 [10] https://security-tracker.debian.org/tracker/CVE-2023-4722 https://www.cve.org/CVERecord?id=CVE-2023-4722 [11] https://security-tracker.debian.org/tracker/CVE-2023-4754 https://www.cve.org/CVERecord?id=CVE-2023-4754 [12] https://security-tracker.debian.org/tracker/CVE-2023-4755 https://www.cve.org/CVERecord?id=CVE-2023-4755 [13] https://security-tracker.debian.org/tracker/CVE-2023-4756 https://www.cve.org/CVERecord?id=CVE-2023-4756 [14] https://security-tracker.debian.org/tracker/CVE-2023-4758 https://www.cve.org/CVERecord?id=CVE-2023-4758 [15] https://security-tracker.debian.org/tracker/CVE-2023-4778 https://www.cve.org/CVERecord?id=CVE-2023-4778 Please adjust the affected versions in the BTS as needed.