Bug#1015788: gpac: CVE-2022-2453 CVE-2022-2454

To: submit@bugs.debian.org
Subject: Bug#1015788: gpac: CVE-2022-2453 CVE-2022-2454
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Thu, 21 Jul 2022 11:48:49 +0200
Message-id: <[🔎] YtkhAayOvAf2RBP6@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 1015788@bugs.debian.org

Source: gpac
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2022-2453[0]:
| Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.

https://huntr.dev/bounties/c8c964de-046a-41b2-9ff5-e25cfdb36b5a
https://github.com/gpac/gpac/commit/dc7de8d3d604426c7a6e628d90cb9fb88e7b4c2c

CVE-2022-2454[1]:
| Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to
| 2.1-DEV.

https://huntr.dev/bounties/105d40d0-46d7-461e-9f8e-20c4cdea925f
https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2453
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2453
[1] https://security-tracker.debian.org/tracker/CVE-2022-2454
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2454

Please adjust the affected versions in the BTS as needed.

Reply to:

Prev by Date: soundgrain is marked for autoremoval from testing
Next by Date: Bug#1015790: wavpack: CVE-2022-2476
Previous by thread: soundgrain is marked for autoremoval from testing
Next by thread: Bug#1015790: wavpack: CVE-2022-2476
Index(es):
- Date
- Thread