Debian Gpac vulnerabilities

379 known vulnerabilities affecting debian/gpac.

Total CVEs: 379
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 13, HIGH 119, MEDIUM 203, LOW 44

Vulnerabilities

Page 12 of 19
CVE-2021-40566 [MEDIUM] CVSS 5.5, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2021
gpac - A segmentation fault caused by a heap use-after-free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service. Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-44920 [MEDIUM] CVSS 5.5, 2021
gpac - An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash. Scope: local; bullseye: open
debian
CVE-2021-44921 [MEDIUM] CVSS 5.5, 2021
gpac - A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash. Scope: local; bullseye: open
debian
CVE-2021-46040 [MEDIUM] CVSS 5.5, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2021
gpac - A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Service (context-dependent). Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-30199 [MEDIUM] CVSS 5.5, fixed in gpac 1.0.1+dfsg1-4 (bullseye), 2021
gpac - In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file, which results in a crash. Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-4)
debian
CVE-2021-40944 [MEDIUM] CVSS 5.5, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2021
gpac - In GPAC MP4Box 1.1.0, there is a Null pointer reference in the gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS). Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-45262 [MEDIUM] CVSS 5.5, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2021
gpac - An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash. Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-46240 [MEDIUM] CVSS 5.5, 2021
gpac - A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield() at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS). Scope: local; bullseye: open
debian
CVE-2021-32438 [MEDIUM] CVSS 5.5, 2021
gpac - The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Scope: local; bullseye: open
debian
CVE-2021-4043 [MEDIUM] CVSS 5.5, Exploited, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2021
gpac - NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-31258 [MEDIUM] CVSS 5.5, fixed in gpac 1.0.1+dfsg1-4 (bullseye), 2021
ccextractor - The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Scope: local; bullseye: open
debian
CVE-2021-44925 [MEDIUM] CVSS 5.5, 2021
gpac - A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash. Scope: local; bullseye: open
debian
CVE-2021-46041 [MEDIUM] CVSS 5.5, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2021
gpac - A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service. Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-30022 [MEDIUM] CVSS 5.5, fixed in gpac 1.0.1+dfsg1-4 (bullseye), 2021
gpac - There is an integer overflow in media_tools/av_parsers.c in gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 units, so there is an overflow, which results in a crash. Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-4)
debian
CVE-2021-32269 [MEDIUM] CVSS 5.5, fixed in gpac 1.0.1+dfsg1-2 (bullseye), 2021
gpac - An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service. Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2021-46237 [MEDIUM] CVSS 5.5, 2021
gpac - An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister() at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS). Scope: local; bullseye: open
debian
CVE-2021-45288 [MEDIUM] CVSS 5.5, 2021
gpac - A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denial of Service via a crafted file in the MP4Box command. Scope: local; bullseye: open
debian
CVE-2021-46038 [MEDIUM] CVSS 5.5, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2021
gpac - A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial of Service (context-dependent). Scope: local; bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-40942 [MEDIUM] CVSS 5.5, 2021
gpac - In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS). Scope: local; bullseye: open
debian
CVE-2021-40592 [MEDIUM] CVSS 5.5, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2021
gpac - GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains a loop with unreachable exit condition ('infinite loop') vulnerability in the ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file. Scope: local; bullseye: resolve
debian