Bug#1015788: gpac: CVE-2022-2453 CVE-2022-2454
Source: gpac
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2022-2453[0]:
| Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.
https://huntr.dev/bounties/c8c964de-046a-41b2-9ff5-e25cfdb36b5a
https://github.com/gpac/gpac/commit/dc7de8d3d604426c7a6e628d90cb9fb88e7b4c2c
CVE-2022-2454[1]:
| Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to
| 2.1-DEV.
https://huntr.dev/bounties/105d40d0-46d7-461e-9f8e-20c4cdea925f
https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-2453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2453
[1] https://security-tracker.debian.org/tracker/CVE-2022-2454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2454
Please adjust the affected versions in the BTS as needed.
Reply to: