Debian Gpac vulnerabilities
379 known vulnerabilities affecting debian/gpac.
Total CVEs: 379
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 13, HIGH 119, MEDIUM 203, LOW 44
Vulnerabilities
Page 17 of 19
CVE-2020-35979 [HIGH] CVSS 7.8 - gpac - fixed in gpac 1.0.1+dfsg1-4 (bullseye) - 2020
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4)
debian
CVE-2020-35981 [HIGH] CVSS 7.8 - ccextractor - fixed in gpac 1.0.1+dfsg1-4 (bullseye) - 2020
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
Scope: local
bullseye: open
debian
CVE-2020-19750 [HIGH] CVSS 7.5 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-23267 [HIGH] CVSS 7.1 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-23928 [HIGH] CVSS 7.1 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-6631 [MEDIUM] CVSS 5.5 - ccextractor - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.
Scope: local
bullseye: open
debian
CVE-2020-25427 [MEDIUM] CVSS 5.5 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
A NULL pointer dereference vulnerability exists in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-19481 [MEDIUM] CVSS 5.5 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-23930 [MEDIUM] CVSS 5.5 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-23269 [MEDIUM] CVSS 5.5 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-23932 [MEDIUM] CVSS 5.5 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-22677 [MEDIUM] CVSS 5.5 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-19488 [MEDIUM] CVSS 5.5 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0 that allows attackers to cause a Denial of Service due to an invalid read in the function ilst_item_Read.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-22678 [MEDIUM] CVSS 5.5 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-24829 [MEDIUM] CVSS 5.5 - ccextractor - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file.
Scope: local
bullseye: open
debian
CVE-2020-22675 [MEDIUM] CVSS 5.5 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-23266 [MEDIUM] CVSS 5.5 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-22352 [MEDIUM] CVSS 5.5 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-22674 [MEDIUM] CVSS 5.5 - gpac - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-6630 [MEDIUM] CVSS 5.5 - ccextractor - fixed in gpac 1.0.1+dfsg1-2 (bullseye) - 2020
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.
Scope: local
bullseye: open
debian