[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#987374: gpac: CVE-2020-23928 CVE-2020-23930 CVE-2020-23931 CVE-2020-23932 CVE-2020-35979 CVE-2020-35980 CVE-2020-35981 CVE-2020-35982

Source: gpac
Version: 1.0.1+dfsg1-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for gpac. Unfortunately
another round of CVEs. I'm not sure if you would actually like to have
to properly separate the CVEs per bug in such massive case, as in
particular we have not checked if as well they cover completely as set
the older version. Anyway, here is the additional list of CVEs
assigned for gpac:

CVE-2020-23928[0]:
| An issue was discovered in gpac before 1.0.1. The abst_box_read
| function in box_code_adobe.c has a heap-based buffer over-read.


CVE-2020-23930[1]:
| An issue was discovered in gpac through 20200801. A NULL pointer
| dereference exists in the function nhmldump_send_header located in
| write_nhml.c. It allows an attacker to cause Denial of Service.


CVE-2020-23931[2]:
| An issue was discovered in gpac before 1.0.1. The abst_box_read
| function in box_code_adobe.c has a heap-based buffer over-read.


CVE-2020-23932[3]:
| An issue was discovered in gpac before 1.0.1. A NULL pointer
| dereference exists in the function dump_isom_sdp located in
| filedump.c. It allows an attacker to cause Denial of Service.


CVE-2020-35979[4]:
| An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is
| heap-based buffer overflow in the function gp_rtp_builder_do_avc() in
| ietf/rtp_pck_mpeg4.c.


CVE-2020-35980[5]:
| An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a
| use-after-free in the function gf_isom_box_del() in
| isomedia/box_funcs.c.


CVE-2020-35981[6]:
| An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an
| invalid pointer dereference in the function SetupWriters() in
| isomedia/isom_store.c.


CVE-2020-35982[7]:
| An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an
| invalid pointer dereference in the function gf_hinter_track_finalize()
| in media_tools/isom_hinter.c.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-23928
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23928
[1] https://security-tracker.debian.org/tracker/CVE-2020-23930
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23930
[2] https://security-tracker.debian.org/tracker/CVE-2020-23931
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23931
[3] https://security-tracker.debian.org/tracker/CVE-2020-23932
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23932
[4] https://security-tracker.debian.org/tracker/CVE-2020-35979
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35979
[5] https://security-tracker.debian.org/tracker/CVE-2020-35980
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35980
[6] https://security-tracker.debian.org/tracker/CVE-2020-35981
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35981
[7] https://security-tracker.debian.org/tracker/CVE-2020-35982
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35982

Regards,
Salvatore
Reply to: