CVE-2019-11222Out-of-bounds Write in Gpac

CWE-787Out-of-bounds Write4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 39.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GpacDebian GpacDebian Linux
Timeline
PublishedApr 15
Latest updateMay 13

Description

gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/gpac< gpac 0.5.2-426-gc5ad4e4+dfsg5-5 (bullseye)
Debiangpac/gpac< 0.5.2-426-gc5ad4e4+dfsg5-5
NVDgpac/gpac0.7.1

Also affects: Debian Linux 8.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-gh4x-4355-2f32: gf_bin128_parse in utils/os_divers2022-05-13
OSV
CVE-2019-11222: gf_bin128_parse in utils/os_divers2019-04-15

📋Vendor Advisories

1
Debian
CVE-2019-11222: gpac - gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue f...2019
CVE-2019-11222 — Out-of-bounds Write in Debian Gpac | cvebase