Debian Gpac vulnerabilities
379 known vulnerabilities affecting debian/gpac.
Total CVEs: 379
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 13, HIGH 119, MEDIUM 203, LOW 44
Vulnerabilities
Page 3 of 19
CVE-2023-0358 [HIGH] CVSS 7.8, 2023
Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.
Scope: local
bullseye: open
debian
CVE-2023-0760 [HIGH] CVSS 7.8, fixed in gpac 1.0.1+dfsg1-4+deb11u3 (bullseye), 2023
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u3)
debian
CVE-2023-3013 [HIGH] CVSS 7.1, 2023
Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.
Scope: local
bullseye: open
debian
CVE-2023-0819 [HIGH] CVSS 7.8, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2023
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2023-23143 [HIGH] CVSS 7.8, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2023
Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2023-0866 [HIGH] CVSS 7.8, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2023
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2023-2839 [HIGH] CVSS 7.5, 2023
Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.
Scope: local
bullseye: open
debian
CVE-2023-23145 [HIGH] CVSS 7.8, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2023
GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2023-48090 [HIGH] CVSS 7.1, 2023
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.
Scope: local
bullseye: open
debian
CVE-2023-5586 [HIGH] CVSS 7.8, 2023
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.
Scope: local
bullseye: open
debian
CVE-2023-5998 [HIGH] CVSS 7.5, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.
Scope: local
bullseye: open
debian
CVE-2023-3523 [HIGH] CVSS 7.1, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
Scope: local
bullseye: open
debian
CVE-2023-5520 [HIGH] CVSS 7.7, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
Scope: local
bullseye: open
debian
CVE-2023-3012 [HIGH] CVSS 7.8, 2023
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
Scope: local
bullseye: open
debian
CVE-2023-5377 [HIGH] CVSS 7.1, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.
Scope: local
bullseye: open
debian
CVE-2023-48013 [HIGH] CVSS 7.8, 2023
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.
Scope: local
bullseye: open
debian
CVE-2023-48011 [HIGH] CVSS 7.8, 2023
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.
Scope: local
bullseye: open
debian
CVE-2023-1654 [HIGH] CVSS 7.8, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2023
Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2023-48014 [HIGH] CVSS 7.8, 2023
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.
Scope: local
bullseye: open
debian
CVE-2023-46426 [HIGH] CVSS 8.8, 2023
Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via the gf_fwrite component in utils/os_file.c.
Scope: local
bullseye: open
debian