
Bug#1051866: gpac: CVE-2023-0770 CVE-2023-0760 CVE-2023-0358 CVE-2023-23145 CVE-2023-23144 CVE-2023-23143 CVE-2022-4202 CVE-2022-45343 CVE-2022-45283 CVE-2022-45202 CVE-2022-43045 CVE-2022-43044 CVE-2022-43043 CVE-2022-43042 CVE-2022-43040 CVE-2022-43039 CVE-2022-3222



Source: gpac
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi

Some of the CVEs in #1033116 seem not to have been addressed (and in
part were addressed in a DSA already). Here is a fresh bug for the
remaining ones.

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-0770[0]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.2.


CVE-2023-0760[1]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| V2.1.0-DEV.


CVE-2023-0358[2]:
| Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.


CVE-2023-23145[3]:
| GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a
| memory leak in lsr_read_rare_full function.


CVE-2023-23144[4]:
| Integer overflow vulnerability in function Q_DecCoordOnUnitSphere
| file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.


CVE-2023-23143[5]:
| Buffer overflow vulnerability in function avc_parse_slice in file
| media_tools/av_parsers.c. GPAC version 2.3-DEV-
| rev1-g4669ba229-master.


CVE-2022-4202[6]:
| A vulnerability, which was classified as problematic, was found in
| GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function
| lsr_translate_coords of the file laser/lsr_dec.c. The manipulation
| leads to integer overflow. It is possible to launch the attack
| remotely. The exploit has been disclosed to the public and may be
| used. The name of the patch is
| b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply
| a patch to fix this issue. VDB-214518 is the identifier assigned to
| this vulnerability.


CVE-2022-45343[7]:
| GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a
| heap use-after-free via the Q_IsTypeOn function at
| /gpac/src/bifs/unquantize.c.


CVE-2022-45283[8]:
| GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the
| smil_parse_time_list parameter at /scenegraph/svg_attributes.c.


CVE-2022-45202[9]:
| GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a
| stack overflow via the function dimC_box_read at
| isomedia/box_code_3gpp.c.


CVE-2022-43045[10]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_dump_vrml_sffield at
| /scene_manager/scene_dump.c.


CVE-2022-43044[11]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_isom_get_meta_item_info
| at /isomedia/meta.c.


CVE-2022-43043[12]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function BD_CheckSFTimeOffset at
| /bifs/field_decode.c.


CVE-2022-43042[13]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| heap buffer overflow via the function FixSDTPInTRAF at
| isomedia/isom_intern.c.


CVE-2022-43040[14]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| heap buffer overflow via the function gf_isom_box_dump_start_ex at
| /isomedia/box_funcs.c.


CVE-2022-43039[15]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function
| gf_isom_meta_restore_items_ref at /isomedia/meta.c.


CVE-2022-3222[16]:
| Uncontrolled Recursion in GitHub repository gpac/gpac prior to
| 2.1.0-DEV.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-0770
    https://www.cve.org/CVERecord?id=CVE-2023-0770
[1] https://security-tracker.debian.org/tracker/CVE-2023-0760
    https://www.cve.org/CVERecord?id=CVE-2023-0760
[2] https://security-tracker.debian.org/tracker/CVE-2023-0358
    https://www.cve.org/CVERecord?id=CVE-2023-0358
[3] https://security-tracker.debian.org/tracker/CVE-2023-23145
    https://www.cve.org/CVERecord?id=CVE-2023-23145
[4] https://security-tracker.debian.org/tracker/CVE-2023-23144
    https://www.cve.org/CVERecord?id=CVE-2023-23144
[5] https://security-tracker.debian.org/tracker/CVE-2023-23143
    https://www.cve.org/CVERecord?id=CVE-2023-23143
[6] https://security-tracker.debian.org/tracker/CVE-2022-4202
    https://www.cve.org/CVERecord?id=CVE-2022-4202
[7] https://security-tracker.debian.org/tracker/CVE-2022-45343
    https://www.cve.org/CVERecord?id=CVE-2022-45343
[8] https://security-tracker.debian.org/tracker/CVE-2022-45283
    https://www.cve.org/CVERecord?id=CVE-2022-45283
[9] https://security-tracker.debian.org/tracker/CVE-2022-45202
    https://www.cve.org/CVERecord?id=CVE-2022-45202
[10] https://security-tracker.debian.org/tracker/CVE-2022-43045
    https://www.cve.org/CVERecord?id=CVE-2022-43045
[11] https://security-tracker.debian.org/tracker/CVE-2022-43044
    https://www.cve.org/CVERecord?id=CVE-2022-43044
[12] https://security-tracker.debian.org/tracker/CVE-2022-43043
    https://www.cve.org/CVERecord?id=CVE-2022-43043
[13] https://security-tracker.debian.org/tracker/CVE-2022-43042
    https://www.cve.org/CVERecord?id=CVE-2022-43042
[14] https://security-tracker.debian.org/tracker/CVE-2022-43040
    https://www.cve.org/CVERecord?id=CVE-2022-43040
[15] https://security-tracker.debian.org/tracker/CVE-2022-43039
    https://www.cve.org/CVERecord?id=CVE-2022-43039
[16] https://security-tracker.debian.org/tracker/CVE-2022-3222
    https://www.cve.org/CVERecord?id=CVE-2022-3222

Regards,
Salvatore

