Debian Gpac vulnerabilities
379 known vulnerabilities affecting debian/gpac.
Total CVEs: 379
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 13, HIGH 119, MEDIUM 203, LOW 44
Vulnerabilities
Page 5 of 19
CVE-2023-1448 | MEDIUM | CVSS 5.3 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2023
A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch

CVE-2023-5595 | MEDIUM | CVSS 5.5 | 2023
Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.
Scope: local
bullseye: open

CVE-2023-0818 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2023
Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2023-48039 | MEDIUM | CVSS 5.5 | 2023
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.
Scope: local
bullseye: open

CVE-2023-4683 | MEDIUM | CVSS 5.5 | 2023
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
Scope: local
bullseye: open

CVE-2023-37767 | MEDIUM | CVSS 5.5 | 2023
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.
Scope: local
bullseye: open

CVE-2023-46930 | MEDIUM | CVSS 5.5 | 2023
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.
Scope: local
bullseye: open

CVE-2023-46871 | MEDIUM | CVSS 5.3 | 2023
GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service.
Scope: local
bullseye: open

CVE-2023-46927 | MEDIUM | CVSS 5.5 | 2023
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.
Scope: local
bullseye: open

CVE-2023-23144 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2023
Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2023-4720 | MEDIUM | CVSS 5.5 | 2023
Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.
Scope: local
bullseye: open

CVE-2023-37765 | MEDIUM | CVSS 5.5 | 2023
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.
Scope: local
bullseye: open

CVE-2023-46001 | MEDIUM | CVSS 5.5 | 2023
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.
Scope: local
bullseye: open

CVE-2023-48958 | MEDIUM | CVSS 5.5 | 2023
gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
Scope: local
bullseye: open

CVE-2023-4722 | MEDIUM | CVSS 5.5 | 2023
Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV.
Scope: local
bullseye: open

CVE-2023-39562 | MEDIUM | CVSS 5.5 | 2023
GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
Scope: local
bullseye: open

CVE-2023-2837 | MEDIUM | CVSS 5.5 | 2023
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
Scope: local
bullseye: open

CVE-2023-1449 | MEDIUM | CVSS 5.3 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2023
A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommende

CVE-2023-47465 | MEDIUM | CVSS 5.5 | 2023
An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c.
Scope: local
bullseye: open

CVE-2023-50120 | LOW | CVSS 5.5 | 2023
CVE-2023-50120 [MEDIUM] CVE-2023-50120: gpac - MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain a...
MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
Scope: local
bullseye: resolved