Debian Gpac vulnerabilities

CVE-2022-1035 [MEDIUM] CVE-2022-1035: gpac - Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to... Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2022-4202 [MEDIUM] CVE-2022-4202: gpac - A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-... A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba

CVE-2022-3222 [MEDIUM] CVE-2022-3222: gpac - Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2022-43044 [MEDIUM] CVE-2022-43044: gpac - GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation v... GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c. Scope: local bullseye: open

CVE-2022-43043 [MEDIUM] CVE-2022-43043: gpac - GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation v... GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c. Scope: local bullseye: open

CVE-2022-29537 [MEDIUM] CVE-2022-29537: gpac - gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based bu... gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2022-27145 [MEDIUM] CVE-2022-27145: gpac - GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerabili... GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2022-27147 [MEDIUM] CVE-2022-27147: gpac - GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerabili... GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2022-47662 [MEDIUM] CVE-2022-47662: gpac - GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due ... GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662 Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2022-1172 [MEDIUM] CVE-2022-1172: gpac - Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpa... Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV. Scope: local bullseye: open

CVE-2022-24576 [MEDIUM] CVE-2022-24576: gpac - GPAC 1.0.1 is affected by Use After Free through MP4Box. GPAC 1.0.1 is affected by Use After Free through MP4Box. Scope: local bullseye: open

CVE-2022-43255 [MEDIUM] CVE-2022-43255: gpac - GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak v... GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c. Scope: local bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)

CVE-2022-46489 [MEDIUM] CVE-2022-46489: gpac - GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory... GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c. Scope: local bullseye: open

CVE-2022-47088 [HIGH] CVE-2022-47088: gpac - GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow. GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow. Scope: local bullseye: resolved

CVE-2022-47092 [HIGH] CVE-2022-47092: gpac - GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow vulnerabil... GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow vulnerability in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316 Scope: local bullseye: resolved

CVE-2022-24249 [MEDIUM] CVE-2022-24249: gpac - A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_w... A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871. Scope: local bullseye: resolved

CVE-2022-47087 [HIGH] CVE-2022-47087: gpac - GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_b... GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c Scope: local bullseye: resolved

CVE-2022-43254 [MEDIUM] CVE-2022-43254: gpac - GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak v... GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c. Scope: local bullseye: open

CVE-2022-43040 [HIGH] CVE-2022-43040: gpac - GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer ov... GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c. Scope: local bullseye: resolved

CVE-2022-47658 [HIGH] CVE-2022-47658: gpac - GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in functi... GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039 Scope: local bullseye: resolved