Register | Log in

ccextractor

Choose email to subscribe with

general

source: ccextractor (main)
version: 0.88+ds1-1
maintainer: Freexian Packaging Team (DMD)
uploaders: Sophie Brun [DMD] – Raphaël Hertzog [DMD]
arch: any
std-ver: 4.2.1
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.88+ds1-1

versioned links

0.88+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ccextractor (2 bugs: 0, 2, 0, 0)

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

24 security issues in bullseye high

There are 24 open security issues in bullseye.

1 important issue:

CVE-2026-2245: A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The name of the patch is fd7271bae238ccb3ae8a71304ea64f0886324925. It is best practice to apply a patch to resolve this issue.

23 issues postponed or untriaged:

CVE-2020-6630: (needs triaging) An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.
CVE-2020-6631: (needs triaging) An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.
CVE-2018-21015: (needs triaging) AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.
CVE-2019-12481: (needs triaging) An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-12482: (needs triaging) An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-12483: (needs triaging) An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.
CVE-2019-13618: (needs triaging) In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c.
CVE-2019-20161: (needs triaging) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.
CVE-2019-20162: (needs triaging) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c.
CVE-2019-20170: (needs triaging) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.
CVE-2019-20171: (needs triaging) An issue was discovered in GPAC version 0.5.2 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c.
CVE-2019-20208: (needs triaging) dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow.
CVE-2020-19751: (needs triaging) An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.
CVE-2020-24829: (needs triaging) An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file.
CVE-2020-35981: (needs triaging) An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
CVE-2021-21852: (needs triaging) Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-28300: (needs triaging) NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.
CVE-2021-30014: (needs triaging) There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash.
CVE-2021-31258: (needs triaging) The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31260: (needs triaging) The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-32137: (needs triaging) Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-32440: (needs triaging) The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-33362: (needs triaging) Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

Created: 2026-02-09 Last update: 2026-02-10 05:31

news

[2023-11-23] Accepted ccextractor 0.94+ds1-3 (source) into unstable (Utkarsh Gupta)
[2023-06-20] Accepted ccextractor 0.94+ds1-2 (source) into unstable (Utkarsh Gupta)
[2022-07-09] ccextractor REMOVED from testing (Debian testing watch)
[2022-04-09] ccextractor 0.94+ds1-1 MIGRATED to testing (Debian testing watch)
[2022-04-04] Accepted ccextractor 0.94+ds1-1 (source) into unstable (Neil Williams)
[2022-03-21] ccextractor 0.93+ds2-2 MIGRATED to testing (Debian testing watch)
[2022-03-16] Accepted ccextractor 0.93+ds2-2 (source) into unstable (Neil Williams)
[2021-09-26] ccextractor 0.93+ds2-1 MIGRATED to testing (Debian testing watch)
[2021-09-21] Accepted ccextractor 0.93+ds2-1 (source) into unstable (Neil Williams)
[2021-09-16] Accepted ccextractor 0.93+ds1-1 (source) into unstable (Neil Williams)
[2020-08-12] ccextractor 0.88+ds1-1 MIGRATED to testing (Debian testing watch)
[2020-08-07] Accepted ccextractor 0.88+ds1-1 (source) into unstable (Sebastien Delafond)
[2020-08-07] ccextractor REMOVED from testing (Debian testing watch)
[2018-12-05] ccextractor 0.87+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-11-30] Accepted ccextractor 0.87+ds1-1 (source) into unstable (Raphaël Hertzog)
[2018-09-11] ccextractor 0.86+ds1-2 MIGRATED to testing (Debian testing watch)
[2018-09-06] Accepted ccextractor 0.86+ds1-2 (source) into unstable (Sophie Brun) (signed by: Raphaël Hertzog)
[2018-04-30] ccextractor 0.86+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-04-24] Accepted ccextractor 0.86+ds1-1 (source amd64) into unstable, unstable (Sophie Brun) (signed by: Raphaël Hertzog)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
buildd: logs, cross
popcon
edit tags
security tracker
screenshots

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing