Debian Ccextractor vulnerabilities

CVE-2026-2889 [MEDIUM] CVE-2026-2889: ccextractor - A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the functi... A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 0.96.6 is able to address this issue. The patch is named fd7271bae238ccb

CVE-2026-2245 [MEDIUM] CVE-2026-2245: ccextractor - A vulnerability was identified in CCExtractor up to 183. This affects the functi... A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The name of the patch is

CVE-2021-28300 [CRITICAL] CVE-2021-28300: ccextractor - NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" funct... NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file. Scope: local bullseye: open

CVE-2021-21852 [HIGH] CVE-2021-21852: ccextractor - Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 de... Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince

CVE-2021-33362 [HIGH] CVE-2021-33362: ccextractor - Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC... Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. Scope: local bullseye: open

CVE-2021-31258 [MEDIUM] CVE-2021-31258: ccextractor - The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause ... The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Scope: local bullseye: open

CVE-2021-31260 [MEDIUM] CVE-2021-31260: ccextractor - The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of serv... The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Scope: local bullseye: open

CVE-2021-32137 [MEDIUM] CVE-2021-32137: ccextractor - Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1... Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. Scope: local bullseye: open

CVE-2021-32440 [MEDIUM] CVE-2021-32440: ccextractor - The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a deni... The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Scope: local bullseye: open

CVE-2021-30014 [MEDIUM] CVE-2021-30014: ccextractor - There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_... There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash. Scope: local bullseye: open

CVE-2021-32134 [MEDIUM] CVE-2021-32134: ccextractor - The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial o... The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Scope: local bullseye: resolved

CVE-2021-32139 [MEDIUM] CVE-2021-32139: ccextractor - The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a den... The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Scope: local bullseye: resolved

CVE-2020-19751 [CRITICAL] CVE-2020-19751: ccextractor - An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_... An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read. Scope: local bullseye: open

CVE-2020-35981 [HIGH] CVE-2020-35981: ccextractor - An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid poi... An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c. Scope: local bullseye: open

CVE-2020-6631 [MEDIUM] CVE-2020-6631: ccextractor - An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereferen... An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c. Scope: local bullseye: open

CVE-2020-24829 [MEDIUM] CVE-2020-24829: ccextractor - An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box... An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file. Scope: local bullseye: open

CVE-2020-6630 [MEDIUM] CVE-2020-6630: ccextractor - An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereferen... An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c. Scope: local bullseye: open

CVE-2020-35980 [HIGH] CVE-2020-35980: ccextractor - An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-fr... An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c. Scope: local bullseye: resolved

CVE-2019-12482 [HIGH] CVE-2019-12482: ccextractor - An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in th... An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box. Scope: local bullseye: open

CVE-2019-12483 [HIGH] CVE-2019-12483: ccextractor - An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in ... An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box. Scope: local bullseye: open