Debian Gpac vulnerabilities
379 known vulnerabilities affecting debian/gpac.
Total CVEs: 379
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 13, HIGH 119, MEDIUM 203, LOW 44
Vulnerabilities
CVE-2021-36417 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or allows arbitrary code execution via a crafted file.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-21855 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a
debian
CVE-2021-41459 | HIGH | CVSS 7.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-41456 | HIGH | CVSS 7.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-21849 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corr
debian
CVE-2021-36414 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-36412 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command,
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-21857 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a
debian
CVE-2021-21850 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corr
debian
CVE-2021-40568 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-21861 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user t
debian
CVE-2021-21853 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a
debian
CVE-2021-41457 | HIGH | CVSS 7.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-21839 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to
debian
CVE-2021-21836 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the “ctts” FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a u
debian
CVE-2021-31255 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4 (bullseye) | 2021
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4)
debian
CVE-2021-21844 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the “stco” FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corrup
debian
CVE-2021-21838 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to
debian
CVE-2021-45266 | HIGH | CVSS 7.5 | 2021
A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash.
Scope: local
bullseye: open
debian
CVE-2021-21859 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1
debian