Debian Gpac vulnerabilities

379 known vulnerabilities affecting debian/gpac.

Total CVEs: 379
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 13, HIGH 119, MEDIUM 203, LOW 44

Vulnerabilities

Page 11 of 19
CVE-2021-21840 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
gpac - An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the “saio” FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attac
debian
CVE-2021-32136 | HIGH | CVSS 7.8 | 2021
gpac - Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. Scope: local; bullseye: open
debian
CVE-2021-32439 | HIGH | CVSS 7.8 | 2021
gpac - Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. Scope: local; bullseye: open
debian
CVE-2021-32268 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2021
gpac - Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac before 1.0.1 allows attackers to execute arbitrary code. The fixed version is 1.0.1. Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2021-21845 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
gpac - Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user
debian
CVE-2021-21846 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
gpac - Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user
debian
CVE-2021-21843 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
gpac - Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the
debian
CVE-2021-21860 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
gpac - An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An
debian
CVE-2021-21854 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
gpac - Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a
debian
CVE-2021-21852 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
ccextractor - Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince
debian
CVE-2021-21837 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
gpac - Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to
debian
CVE-2021-29279 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4 (bullseye) | 2021
gpac - There is an integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value, maybe value->value.data.size is a negative number. In result, memcpy in gf_props_assign_value failed. Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-4)
debian
CVE-2021-33362 | HIGH | CVSS 7.8 | 2021
ccextractor - Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. Scope: local; bullseye: open
debian
CVE-2021-40562 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service. Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-44927 | MEDIUM | CVSS 5.5 | 2021
gpac - A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash. Scope: local; bullseye: open
debian
CVE-2021-45263 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash. Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-46311 | MEDIUM | CVSS 5.5 | 2021
gpac - A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS). Scope: local; bullseye: open
debian
CVE-2021-40565 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service. Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-46313 | MEDIUM | CVSS 5.5 | 2021
gpac - The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS). Scope: local; bullseye: open
debian
CVE-2021-45763 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial of Service (DoS). Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian