[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#987374: gpac: CVE-2020-23928 CVE-2020-23930 CVE-2020-23931 CVE-2020-23932 CVE-2020-35979 CVE-2020-35980 CVE-2020-35981 CVE-2020-35982

Control: retitle -1 gpac: CVE-2020-35979 CVE-2020-35980 CVE-2020-35981 CVE-2020-35982

On Thu, Apr 22, 2021 at 07:51:50PM +0200, Salvatore Bonaccorso wrote:
> Source: gpac
> Version: 1.0.1+dfsg1-3
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
> 
> Hi,
> 
> The following vulnerabilities were published for gpac. Unfortunately
> another round of CVEs. I'm not sure if you would actually like to have
> to properly separate the CVEs per bug in such massive case, as in
> particular we have not checked if as well they cover completely as set
> the older version. Anyway, here is the additional list of CVEs
> assigned for gpac:
> 
> CVE-2020-23928[0]:
> | An issue was discovered in gpac before 1.0.1. The abst_box_read
> | function in box_code_adobe.c has a heap-based buffer over-read.
> 
> 
> CVE-2020-23930[1]:
> | An issue was discovered in gpac through 20200801. A NULL pointer
> | dereference exists in the function nhmldump_send_header located in
> | write_nhml.c. It allows an attacker to cause Denial of Service.
> 
> 
> CVE-2020-23931[2]:
> | An issue was discovered in gpac before 1.0.1. The abst_box_read
> | function in box_code_adobe.c has a heap-based buffer over-read.
> 
> 
> CVE-2020-23932[3]:
> | An issue was discovered in gpac before 1.0.1. A NULL pointer
> | dereference exists in the function dump_isom_sdp located in
> | filedump.c. It allows an attacker to cause Denial of Service.
> 
> 
> CVE-2020-35979[4]:
> | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is
> | heap-based buffer overflow in the function gp_rtp_builder_do_avc() in
> | ietf/rtp_pck_mpeg4.c.
> 
> 
> CVE-2020-35980[5]:
> | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a
> | use-after-free in the function gf_isom_box_del() in
> | isomedia/box_funcs.c.
> 
> 
> CVE-2020-35981[6]:
> | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an
> | invalid pointer dereference in the function SetupWriters() in
> | isomedia/isom_store.c.
> 
> 
> CVE-2020-35982[7]:
> | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an
> | invalid pointer dereference in the function gf_hinter_track_finalize()
> | in media_tools/isom_hinter.c.
> 
> 
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2020-23928
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23928
> [1] https://security-tracker.debian.org/tracker/CVE-2020-23930
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23930
> [2] https://security-tracker.debian.org/tracker/CVE-2020-23931
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23931
> [3] https://security-tracker.debian.org/tracker/CVE-2020-23932
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23932
> [4] https://security-tracker.debian.org/tracker/CVE-2020-35979
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35979
> [5] https://security-tracker.debian.org/tracker/CVE-2020-35980
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35980
> [6] https://security-tracker.debian.org/tracker/CVE-2020-35981
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35981
> [7] https://security-tracker.debian.org/tracker/CVE-2020-35982
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35982

Reducing the scope for this bug, as CVE-2020-23928 CVE-2020-23930
CVE-2020-23931 CVE-2020-23932 were already fixed in unstable.

Regards,
Salvatore
Reply to: