There are 2 open security issues in buster.
2 issues left for the package maintainer to handle:
- CVE-2020-15395:
(needs triaging)
In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).
- CVE-2020-26797:
(needs triaging)
Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping.
You can find information about how to handle these issues in the security team's documentation.