Debian Gpac vulnerabilities

379 known vulnerabilities affecting debian/gpac.

Total CVEs: 379
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 13, HIGH 119, MEDIUM 203, LOW 44

Vulnerabilities

Page 15 of 19
CVE-2021-32137 | MEDIUM | CVSS 5.5 | 2021
ccextractor - Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. Scope: local. bullseye: open.
debian
CVE-2021-41458 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability. Scope: local. bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2).
debian
CVE-2021-40575 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566. Scope: local. bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2).
debian
CVE-2021-40559 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - A null pointer dereference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denial of service. Scope: local. bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2).
debian
CVE-2021-32437 | MEDIUM | CVSS 5.5 | 2021
gpac - The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Scope: local. bullseye: open.
debian
CVE-2021-40573 | MEDIUM | CVSS 5.5 | 2021
gpac - The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service. Scope: local. bullseye: open.
debian
CVE-2021-33365 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. Scope: local. bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2).
debian
CVE-2021-40607 | MEDIUM | CVSS 5.5 | 2021
gpac - The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. Scope: local. bullseye: open.
debian
CVE-2021-46039 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, which causes a Denial of Service (context-dependent). Scope: local. bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2).
debian
CVE-2021-30015 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4 (bullseye) | 2021
gpac - There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample; the ctx.opid may be NULL. The result is a crash in gf_filter_pck_new_alloc_internal. Scope: local. bullseye: resolved (fixed in 1.0.1+dfsg1-4).
debian
CVE-2021-46044 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent). Scope: local. bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2).
debian
CVE-2021-46239 | MEDIUM | CVSS 5.5 | 2021
gpac - The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free() at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS). Scope: local. bullseye: open.
debian
CVE-2021-32440 | MEDIUM | CVSS 5.5 | 2021
ccextractor - The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Scope: local. bullseye: open.
debian
CVE-2021-46043 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - A Pointer Dereference Vulnerability exists in GPAC 1.0.1 in the gf_list_count function, which causes a Denial of Service. Scope: local. bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2).
debian
CVE-2021-46045 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent). Scope: local. bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2).
debian
CVE-2021-45764 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra(). Scope: local. bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2).
debian
CVE-2021-45831 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - A Null Pointer Dereference vulnerability exists in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service. Scope: local. bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2).
debian
CVE-2021-33364 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. Scope: local. bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2).
debian
CVE-2021-46051 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
gpac - A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service. Scope: local. bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2).
debian
CVE-2021-46238 | MEDIUM | CVSS 5.5 | 2021
gpac - GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name() at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS). Scope: local. bullseye: open.
debian