There are 2 open security issues in bullseye.
2 issues left for the package maintainer to handle:
- CVE-2021-37231:
(needs triaging)
A stack buffer overflow occurs in AtomicParsley 20210124.204813.840499f via APar_readX() in src/util.cpp while parsing a crafted MP4 file, because of a missing boundary check.
- CVE-2021-37232:
(needs triaging)
A stack overflow vulnerability occurs in AtomicParsley 20210124.204813.840499f via APar_read64() in src/util.cpp, because uint32_buffer is too small for the number of bytes read in APar_read64().
You can find information about how to handle these issues in the security team's documentation.