Debian Gpac vulnerabilities

CVE-2021-45291 [MEDIUM] CVE-2021-45291: gpac - The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cause a denia... The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2021-31260 [MEDIUM] CVE-2021-31260: ccextractor - The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of serv... The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Scope: local bullseye: open

CVE-2021-40576 [MEDIUM] CVE-2021-40576: gpac - The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in ... The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2021-45267 [MEDIUM] CVE-2021-45267: gpac - An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the... An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2021-31262 [MEDIUM] CVE-2021-31262: gpac - The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denia... The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4)

CVE-2021-32270 [MEDIUM] CVE-2021-32270: gpac - An issue was discovered in gpac through 20200801. A NULL pointer dereference exi... An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-2)

CVE-2021-44922 [MEDIUM] CVE-2021-44922: gpac - A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFT... A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash. Scope: local bullseye: open

CVE-2021-45260 [MEDIUM] CVE-2021-45260: gpac - A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id... A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash. Scope: local bullseye: open

CVE-2021-45767 [MEDIUM] CVE-2021-45767: gpac - GPAC 1.1.0 was discovered to contain an invalid memory address dereference via t... GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability can lead to a Denial of Service (DoS). Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2021-45762 [MEDIUM] CVE-2021-45762: gpac - GPAC v1.1.0 was discovered to contain an invalid memory address dereference via ... GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset(). This vulnerability allows attackers to cause a Denial of Service (DoS). Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2021-30019 [MEDIUM] CVE-2021-30019: gpac - In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a craf... In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4)

CVE-2021-46049 [MEDIUM] CVE-2021-46049: gpac - A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check... A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2021-46234 [MEDIUM] CVE-2021-46234: gpac - A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function ... A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS). Scope: local bullseye: open

CVE-2021-46042 [MEDIUM] CVE-2021-46042: gpac - A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko functio... A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2021-46046 [MEDIUM] CVE-2021-46046: gpac - A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size functio... A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent). Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2021-40567 [MEDIUM] CVE-2021-40567: gpac - Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_siz... Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2021-30020 [MEDIUM] CVE-2021-30020: gpac - In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.... In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4)

CVE-2021-40609 [MEDIUM] CVE-2021-40609: gpac - The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of s... The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2021-45292 [MEDIUM] CVE-2021-45292: gpac - The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a den... The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2021-31257 [MEDIUM] CVE-2021-31257: gpac - The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of servic... The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4)