Register | Log in

gpac

Choose email to subscribe with

general

source: gpac (main)
version: 1.0.1+dfsg1-4+deb11u3
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Reinhard Tartler [DMD] – Alessio Treglia [DMD]
arch: any
std-ver: 3.9.8
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.5.2-426-gc5ad4e4+dfsg5-5
oldstable: 1.0.1+dfsg1-4+deb11u3
old-sec: 1.0.1+dfsg1-4+deb11u3

versioned links

0.5.2-426-gc5ad4e4+dfsg5-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.1+dfsg1-4+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gpac
gpac-modules-base
libgpac-dev
libgpac10

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

81 security issues in sid high

There are 81 open security issues in sid.

81 important issues:

CVE-2022-3222: Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVE-2022-4202: A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this vulnerability.
CVE-2023-0358: Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-0760: Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.
CVE-2023-0770: Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.
CVE-2023-0841: A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.
CVE-2023-2837: Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-2838: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-2839: Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-2840: NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-3012: NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-3013: Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-3291: Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-3523: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-4678: Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4681: NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4682: Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4683: NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4720: Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4721: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4722: Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4754: Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4755: Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4756: Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4758: Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4778: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-5377: Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.
CVE-2023-5520: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-5586: NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-5595: Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-5998: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2024-0321: Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2024-0322: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2024-6061: A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 20c0f29139a82779b86453ce7f68d0681ec7624c. It is recommended to apply a patch to fix this issue. The identifier VDB-268789 was assigned to this vulnerability.
CVE-2024-6062: A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 31e499d310a48bd17c8b055a0bfe0fe35887a7cd. It is recommended to apply a patch to fix this issue. VDB-268790 is the identifier assigned to this vulnerability.
CVE-2024-6063: A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8767ed0a77c4b02287db3723e92c2169f67c85d5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-268791.
CVE-2024-6064: A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is f4b3e4d2f91bc1749e7a924a8ab171af03a355a8/c1b9c794bad8f262c56f3cf690567980d96662f5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-268792.
CVE-2022-43039: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.
CVE-2022-43040: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.
CVE-2022-43042: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.
CVE-2022-43043: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.
CVE-2022-43044: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.
CVE-2022-43045: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.
CVE-2022-45202: GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.
CVE-2022-45283: GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c.
CVE-2022-45343: GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.
CVE-2023-23143: Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master.
CVE-2023-23144: Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.
CVE-2023-23145: GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.
CVE-2023-37174: GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.
CVE-2023-37765: GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.
CVE-2023-37766: GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.
CVE-2023-37767: GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.
CVE-2023-39562: GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
CVE-2023-41000: GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.
CVE-2023-42298: An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c.
CVE-2023-46001: Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.
CVE-2023-46426: Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via gf_fwrite component in at utils/os_file.c.
CVE-2023-46427: An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer deference in gf_dash_setup_period component in media_tools/dash_client.c.
CVE-2023-46871: GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service.
CVE-2023-46927: GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.
CVE-2023-46928: GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.
CVE-2023-46929: An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.
CVE-2023-46930: GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.
CVE-2023-46931: GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.
CVE-2023-46932: Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.
CVE-2023-47384: MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
CVE-2023-47465: An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c.
CVE-2023-48011: GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.
CVE-2023-48013: GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.
CVE-2023-48014: GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.
CVE-2023-48039: GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.
CVE-2023-48090: GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.
CVE-2023-48958: gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
CVE-2023-50120: MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
CVE-2024-22749: GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577
CVE-2024-24265: gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.
CVE-2024-24266: gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.
CVE-2024-24267: gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
CVE-2024-28318: gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325
CVE-2024-28319: gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374

Created: 2022-07-04 Last update: 2024-06-30 13:24

49 security issues in trixie high

There are 49 open security issues in trixie.

49 important issues:

CVE-2022-3222: Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVE-2022-4202: A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this vulnerability.
CVE-2023-0358: Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-0760: Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.
CVE-2023-0770: Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.
CVE-2023-0841: A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.
CVE-2023-2837: Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-2838: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-2839: Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-2840: NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-3012: NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-3013: Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-3291: Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-3523: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-4678: Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4681: NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4682: Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4683: NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4720: Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4721: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4722: Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4754: Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4755: Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4756: Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4758: Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4778: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-5377: Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.
CVE-2023-5520: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-5586: NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-5595: Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2022-43039: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.
CVE-2022-43040: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.
CVE-2022-43042: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.
CVE-2022-43043: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.
CVE-2022-43044: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.
CVE-2022-43045: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.
CVE-2022-45202: GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.
CVE-2022-45283: GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c.
CVE-2022-45343: GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.
CVE-2023-23143: Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master.
CVE-2023-23144: Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.
CVE-2023-23145: GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.
CVE-2023-37174: GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.
CVE-2023-37765: GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.
CVE-2023-37766: GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.
CVE-2023-37767: GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.
CVE-2023-39562: GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
CVE-2023-41000: GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.
CVE-2023-42298: An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c.

Created: 2023-10-22 Last update: 2023-10-22 12:54

48 security issues in bookworm high

There are 48 open security issues in bookworm.

48 important issues:

CVE-2022-3222: Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVE-2022-4202: A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this vulnerability.
CVE-2023-0358: Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-0760: Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.
CVE-2023-0770: Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.
CVE-2023-0817: Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.
CVE-2023-0818: Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.
CVE-2023-0819: Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV.
CVE-2023-0841: A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.
CVE-2023-0866: Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-1448: A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223293 was assigned to this vulnerability.
CVE-2023-1449: A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223294 is the identifier assigned to this vulnerability.
CVE-2023-1452: A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223297 was assigned to this vulnerability.
CVE-2023-1654: Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.
CVE-2023-1655: Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.
CVE-2022-43039: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.
CVE-2022-43040: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.
CVE-2022-43042: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.
CVE-2022-43043: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.
CVE-2022-43044: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.
CVE-2022-43045: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.
CVE-2022-45202: GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.
CVE-2022-45283: GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c.
CVE-2022-45343: GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.
CVE-2022-46489: GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.
CVE-2022-46490: GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.
CVE-2022-47086: GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c
CVE-2022-47087: GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c
CVE-2022-47088: GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.
CVE-2022-47089: GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c
CVE-2022-47091: GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c
CVE-2022-47092: GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow vulnerability in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316
CVE-2022-47093: GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid
CVE-2022-47094: GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid
CVE-2022-47095: GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c
CVE-2022-47653: GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113
CVE-2022-47654: GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261
CVE-2022-47656: GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273
CVE-2022-47657: GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662
CVE-2022-47658: GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039
CVE-2022-47659: GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data
CVE-2022-47660: GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in isomedia/isom_write.c
CVE-2022-47661: GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes
CVE-2022-47662: GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662
CVE-2022-47663: GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609
CVE-2023-23143: Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master.
CVE-2023-23144: Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.
CVE-2023-23145: GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.

Created: 2022-07-04 Last update: 2023-04-26 19:00

news

[2024-07-27] Removed 2.2.1+dfsg1-3.1 from unstable (Debian FTP Masters)
[2024-02-29] Accepted gpac 2.2.1+dfsg1-3.1 (source) into unstable (Steve Langasek)
[2024-01-31] Accepted gpac 2.2.1+dfsg1-3.1~exp1 (source) into experimental (Graham Inggs)
[2023-09-14] Accepted gpac 2.2.1+dfsg1-3 (source) into unstable (Shengjing Zhu)
[2023-09-13] Accepted gpac 2.2.1+dfsg1-2 (source) into unstable (Shengjing Zhu)
[2023-07-22] Accepted gpac 1.0.1+dfsg1-4+deb11u3 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2023-07-14] Accepted gpac 1.0.1+dfsg1-4+deb11u3 (source) into oldstable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2023-06-20] Accepted gpac 2.2.1+dfsg1-1 (amd64 source) into experimental (Debian FTP Masters) (signed by: Reinhard Tartler)
[2023-05-29] Accepted gpac 1.0.1+dfsg1-4+deb11u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Aron Xu)
[2023-05-26] Accepted gpac 1.0.1+dfsg1-4+deb11u2 (source) into stable-security (Debian FTP Masters) (signed by: Aron Xu)
[2023-04-29] gpac REMOVED from testing (Debian testing watch)
[2023-03-17] gpac 2.0.0+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2023-03-07] Accepted gpac 2.0.0+dfsg1-4 (source) into unstable (Reinhard Tartler)
[2022-03-03] gpac 2.0.0+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2022-02-25] Accepted gpac 2.0.0+dfsg1-2 (source) into unstable (Sebastian Ramacher)
[2022-02-25] Accepted gpac 2.0.0+dfsg1-1 (amd64 source) into experimental, experimental (Debian FTP Masters) (signed by: Sebastian Ramacher)
[2021-09-07] gpac 1.0.1+dfsg1-5 MIGRATED to testing (Debian testing watch)
[2021-09-02] Accepted gpac 1.0.1+dfsg1-4+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2021-09-01] Accepted gpac 1.0.1+dfsg1-5 (source) into unstable (Sebastian Ramacher)
[2021-08-31] Accepted gpac 1.0.1+dfsg1-4+deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2021-05-30] gpac 1.0.1+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2021-05-25] Accepted gpac 1.0.1+dfsg1-4 (source) into unstable (Reinhard Tartler)
[2020-12-01] gpac 1.0.1+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2020-12-01] gpac 1.0.1+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2020-11-25] Accepted gpac 1.0.1+dfsg1-3 (source) into unstable (Reinhard Tartler)
[2020-11-21] Accepted gpac 1.0.1+dfsg1-2 (source) into unstable (Reinhard Tartler)
[2020-11-20] Accepted gpac 1.0.1+dfsg1-1 (amd64 source) into experimental, experimental (Debian FTP Masters) (signed by: Reinhard Tartler)
[2020-11-19] gpac 0.7.1+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2020-11-14] Accepted gpac 0.7.1+dfsg1-4 (source) into unstable (Reinhard Tartler)
[2020-01-20] Accepted gpac 0.5.0+svn5324~dfsg1-1+deb8u5 (source amd64) into oldoldstable (Sylvain Beucler)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing