Bug#1060043: gpac: CVE-2023-46929

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1060043: gpac: CVE-2023-46929
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 05 Jan 2024 08:36:42 +0100
Message-id: <[🔎] 170444020225.405939.3448459886150111160.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1060043@bugs.debian.org

Source: gpac
Version: 2.2.1+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2662
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for gpac.

CVE-2023-46929[0]:
| An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in
| MP4Box in gf_avc_change_vui
| /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers
| to crash the application.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-46929
    https://www.cve.org/CVERecord?id=CVE-2023-46929
[1] https://github.com/gpac/gpac/issues/2662
[2] https://github.com/gpac/gpac/commit/4248def5d24325aeb0e35cacde3d56c9411816a6

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Prev by Date: Bug#452382: marked as done (it would be nice to be able to install ghostscript without libcupsys2)
Next by Date: Bug#483086: marked as done (gs-common should be in oldlibs)
Previous by thread: Bug#452382: marked as done (it would be nice to be able to install ghostscript without libcupsys2)
Next by thread: Bug#483086: marked as done (gs-common should be in oldlibs)
Index(es):
- Date
- Thread