
Bug#987323: marked as done (gpac: CVE-2021-29279 CVE-2021-30014 CVE-2021-30015 CVE-2021-30019 CVE-2021-30020 CVE-2021-30022 CVE-2021-30199)



Your message dated Tue, 25 May 2021 02:19:29 +0000
with message-id <E1llMfJ-000I6B-RR@fasolo.debian.org>
and subject line Bug#987323: fixed in gpac 1.0.1+dfsg1-4
has caused the Debian Bug report #987323,
regarding gpac: CVE-2021-29279 CVE-2021-30014 CVE-2021-30015 CVE-2021-30019 CVE-2021-30020 CVE-2021-30022 CVE-2021-30199
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
987323: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987323
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: gpac
Version: 1.0.1+dfsg1-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for gpac, filing a
separate bug for this set of new CVEs raised yesterday.

CVE-2021-29279[0]:
| There is an integer overflow in function
| filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In
| which, the arg const GF_PropertyValue *value, maybe
| value->value.data.size is a negative number. In result, memcpy in
| gf_props_assign_value failed.


CVE-2021-30014[1]:
| There is an integer overflow in media_tools/av_parsers.c in the
| hevc_parse_slice_segment function in GPAC 1.0.1 which results in a
| crash.


CVE-2021-30015[2]:
| There is a Null Pointer Dereference in function
| filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC
| 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the
| ctx.opid may be NULL. The result is a crash in
| gf_filter_pck_new_alloc_internal.


CVE-2021-30019[3]:
| In the adts_dmx_process function in filters/reframe_adts.c in GPAC
| 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller
| than ctx->hdr.hdr_size, resulting in size to be a negative number
| and a heap overflow in the memcpy.


CVE-2021-30020[4]:
| In the function gf_hevc_read_pps_bs_internal function in
| media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with
| crafted file, pps->num_tile_columns may be larger than
| sizeof(pps->column_width), which results in a heap overflow in the
| loop.


CVE-2021-30022[5]:
| There is an integer overflow in media_tools/av_parsers.c in the
| gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative
| number, so it will not return. However, avc->pps only has 255 units,
| so there is an overflow, which results in a crash.


CVE-2021-30199[6]:
| In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer
| Dereference, when gf_filter_pck_get_data is called. The first arg pck
| may be null with a crafted mp4 file, which results in a crash.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-29279
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29279
[1] https://security-tracker.debian.org/tracker/CVE-2021-30014
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30014
[2] https://security-tracker.debian.org/tracker/CVE-2021-30015
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30015
[3] https://security-tracker.debian.org/tracker/CVE-2021-30019
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30019
[4] https://security-tracker.debian.org/tracker/CVE-2021-30020
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30020
[5] https://security-tracker.debian.org/tracker/CVE-2021-30022
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30022
[6] https://security-tracker.debian.org/tracker/CVE-2021-30199
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30199

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
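
The length and index problems described in the report above (CVE-2021-30019, CVE-2021-30020, CVE-2021-30022) share one root cause: a value read from the file is used as a copy size or array subscript before it is range-checked. The following is an added illustration of the defensive checks, not code from GPAC or from this bug report; the struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical header, modelled on the two fields named in the
 * CVE-2021-30019 description (not GPAC's actual struct). */
struct frame_hdr {
    uint32_t frame_size; /* total frame length claimed by the file */
    uint32_t hdr_size;   /* header length claimed by the file */
};

/* Copy one frame's payload into out. Returns the number of bytes copied,
 * or -1 when the header is inconsistent with itself, the input length,
 * or the output capacity. */
int64_t copy_payload(const struct frame_hdr *h, const uint8_t *in,
                     size_t in_len, uint8_t *out, size_t out_cap)
{
    /* Without this check the subtraction wraps and memcpy receives a
     * huge length instead of a small "negative" one. */
    if (h->frame_size < h->hdr_size)
        return -1;
    size_t payload = (size_t)h->frame_size - h->hdr_size;
    if (h->frame_size > in_len)  /* whole frame must lie inside the input */
        return -1;
    if (payload > out_cap)       /* payload must fit the destination */
        return -1;
    memcpy(out, in + h->hdr_size, payload);
    return (int64_t)payload;
}

/* A parsed id used as an array subscript must be rejected when negative
 * as well as when it is at or past the table length. */
int id_in_table(int32_t id, size_t table_len)
{
    return id >= 0 && (size_t)id < table_len;
}

/* A parsed element count must be compared with the array's element
 * count before a loop fills the array. */
int count_fits(uint32_t count, size_t elem_count)
{
    return (size_t)count <= elem_count;
}
```
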
--- Begin Message ---
Source: gpac
Source-Version: 1.0.1+dfsg1-4
Done: Reinhard Tartler <siretart@tauware.de>

We believe that the bug you reported is fixed in the latest version of
gpac, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 987323@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated gpac package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 May 2021 21:09:10 -0400
Source: gpac
Architecture: source
Version: 1.0.1+dfsg1-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Closes: 987280 987323 987374
Changes:
 gpac (1.0.1+dfsg1-4) unstable; urgency=medium
 .
   [ Moritz Muehlenhoff ]
   * Cherrypicked fixes for multiple security issues:
     (Closes: #987280, #987323, #987374)
     - CVE-2021-30014/CVE-2021-30020/CVE-2021-30022
     - CVE-2020-35979
     - CVE-2020-35981
     - CVE-2020-35982
     - CVE-2021-28300
     - CVE-2021-29279
     - CVE-2021-31255
     - CVE-2021-31256
     - CVE-2021-31261
     - CVE-2021-30015
     - CVE-2021-30019
     - CVE-2021-30199
     - CVE-2021-31257
     - CVE-2021-31258
     - CVE-2021-31260
     - CVE-2021-31262
 .
   [ Reinhard Tartler ]
   * upload to unstable
Checksums-Sha1:
 1128f53457ca2a28f393901a581173c7fe934acf 2701 gpac_1.0.1+dfsg1-4.dsc
 8522ee622dd8588bc681c8ab271d86d768e15f41 41604 gpac_1.0.1+dfsg1-4.debian.tar.xz
Checksums-Sha256:
 dbbad33437d44fa6a260635a5533c04348e2e2c3a8f49f6d56aca98454cea7a4 2701 gpac_1.0.1+dfsg1-4.dsc
 1552418a0caefa859e6393ac5a6e029c53145b5eec05d7aa07609d3fc42538ad 41604 gpac_1.0.1+dfsg1-4.debian.tar.xz
Files:
 72e4ea906f6fe29d9a95a5e7f0d14cbf 2701 graphics optional gpac_1.0.1+dfsg1-4.dsc
 f3769d6e6d4dc5404f3ecb08b13779da 41604 graphics optional gpac_1.0.1+dfsg1-4.debian.tar.xz


--- End Message ---
