Debian Gpac vulnerabilities
379 known vulnerabilities affecting debian/gpac.
Total CVEs: 379
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 13, HIGH 119, MEDIUM 203, LOW 44
Vulnerabilities
Page 4 of 19
CVE-2023-0770 [HIGH] CVSS 7.8, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2023
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2023-4758 [MEDIUM] CVSS 5.5, 2023
Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.
Scope: local
bullseye: open
debian
CVE-2023-37766 [MEDIUM] CVSS 5.5, 2023
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.
Scope: local
bullseye: open
debian
CVE-2023-37174 [MEDIUM] CVSS 5.5, 2023
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.
Scope: local
bullseye: open
debian
CVE-2023-4778 [MEDIUM] CVSS 5.5, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
Scope: local
bullseye: open
debian
CVE-2023-4756 [MEDIUM] CVSS 5.5, 2023
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
Scope: local
bullseye: open
debian
CVE-2023-4755 [MEDIUM] CVSS 5.5, 2023
Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.
Scope: local
bullseye: open
debian
CVE-2023-41000 [MEDIUM] CVSS 5.5, 2023
GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.
Scope: local
bullseye: open
debian
CVE-2023-4682 [MEDIUM] CVSS 5.5, 2023
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
Scope: local
bullseye: open
debian
CVE-2023-0841 [MEDIUM] CVSS 6.3, 2023
A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this
debian
CVE-2023-47384 [MEDIUM] CVSS 5.5, 2023
MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
Scope: local
bullseye: open
debian
CVE-2023-4754 [MEDIUM] CVSS 5.5, 2023
Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.
Scope: local
bullseye: open
debian
CVE-2023-4681 [MEDIUM] CVSS 5.5, 2023
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
Scope: local
bullseye: open
debian
CVE-2023-46928 [MEDIUM] CVSS 5.5, 2023
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.
Scope: local
bullseye: open
debian
CVE-2023-4679 [MEDIUM] CVSS 5.5, 2023
A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash.
Scope: local
bullseye: open
debian
CVE-2023-42298 [MEDIUM] CVSS 5.5, 2023
An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c.
Scope: local
bullseye: open
debian
CVE-2023-46931 [MEDIUM] CVSS 5.5, 2023
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.
Scope: local
bullseye: open
debian
CVE-2023-4721 [MEDIUM] CVSS 5.5, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
Scope: local
bullseye: open
debian
CVE-2023-4678 [MEDIUM] CVSS 5.5, 2023
Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.
Scope: local
bullseye: open
debian
CVE-2023-1452 [MEDIUM] CVSS 5.3, fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye), 2023
A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to ap
debian