Debian Gpac vulnerabilities

379 known vulnerabilities affecting debian/gpac.

Total CVEs: 379
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 13, HIGH 119, MEDIUM 203, LOW 44

Vulnerabilities

Page 18 of 19
CVE-2020-22679 | LOW | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2020
CVE-2020-22679 [MEDIUM] gpac - Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.
Scope: local | bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-22673 | LOW | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2020
CVE-2020-22673 [MEDIUM] gpac - Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.
Scope: local | bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2020-35980 | LOW | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2020
CVE-2020-35980 [HIGH] ccextractor - An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
Scope: local | bullseye: resolved
debian
CVE-2019-11222 | HIGH | CVSS 7.8 | fixed in gpac 0.5.2-426-gc5ad4e4+dfsg5-5 (bullseye) | 2019
CVE-2019-11222 [HIGH] gpac - gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.
Scope: local | bullseye: resolved (fixed in 0.5.2-426-gc5ad4e4+dfsg5-5)
debian
CVE-2019-11221 | HIGH | CVSS 7.8 | fixed in gpac 0.5.2-426-gc5ad4e4+dfsg5-5 (bullseye) | 2019
CVE-2019-11221 [HIGH] gpac - GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.
Scope: local | bullseye: resolved (fixed in 0.5.2-426-gc5ad4e4+dfsg5-5)
debian
CVE-2019-12482 | HIGH | CVSS 7.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-12482 [HIGH] ccextractor - An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box.
Scope: local | bullseye: open
debian
CVE-2019-12483 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-12483 [HIGH] ccextractor - An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.
Scope: local | bullseye: open
debian
CVE-2019-13618 | HIGH | CVSS 7.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-13618 [HIGH] ccextractor - In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c.
Scope: local | bullseye: open
debian
CVE-2019-20161 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-20161 [MEDIUM] ccextractor - An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.
Scope: local | bullseye: open
debian
CVE-2019-20632 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-20632 [MEDIUM] gpac - An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file.
Scope: local | bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2019-20165 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-20165 [MEDIUM] gpac - An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c.
Scope: local | bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2019-12481 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-12481 [MEDIUM] ccextractor - An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box.
Scope: local | bullseye: open
debian
CVE-2019-20162 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-20162 [MEDIUM] ccextractor - An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c.
Scope: local | bullseye: open
debian
CVE-2019-20630 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-20630 [MEDIUM] gpac - An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.
Scope: local | bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2019-20163 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-20163 [MEDIUM] gpac - An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c.
Scope: local | bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2019-20208 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-20208 [MEDIUM] ccextractor - dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow.
Scope: local | bullseye: open
debian
CVE-2019-20171 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-20171 [MEDIUM] ccextractor - An issue was discovered in GPAC version 0.5.2 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c.
Scope: local | bullseye: open
debian
CVE-2019-20628 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-20628 [MEDIUM] gpac - An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
Scope: local | bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2019-20170 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-20170 [MEDIUM] ccextractor - An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.
Scope: local | bullseye: open
debian
CVE-2019-20629 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2019
CVE-2019-20629 [MEDIUM] gpac - An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
Scope: local | bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian