[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#993979: gpac: CVE-2020-19751 The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read

Source: gpac
Version: 1.0.1+dfsg1-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: codehelp@debian.org, Debian Security Team <team@security.debian.org>

A security vulnerability exists in gpac at version 1.0.1+dfsg1-5.
(Vulnerable code was introduced after the version currently in buster
but remains present in the version in unstable.)

CVE-2020-19750 [0]
An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information, see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-19751
    https://github.com/gpac/gpac/commit/3fcf66c6031da966cf33ee89bcbefa2f8bec4b02
    https://sources.debian.org/src/gpac/1.0.1+dfsg1-5/src/odf/odf_code.c/#L3340

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Reply to: