Debian Gpac vulnerabilities

379 known vulnerabilities affecting debian/gpac.

Total CVEs: 379
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 13, HIGH 119, MEDIUM 203, LOW 44

Vulnerabilities

Page 9 of 19
CVE-2022-36186 | LOW | CVSS 7.5 | 2022
[HIGH] gpac - A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full() at filter_core/filter_pid.c:5250, which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1. Scope: local | bullseye: resolved
debian
CVE-2022-43039 | LOW | CVSS 5.5 | 2022
[MEDIUM] gpac - GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c. Scope: local | bullseye: resolved
debian
CVE-2022-27146 | LOW | CVSS 5.5 | 2022
[MEDIUM] gpac - GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. Scope: local | bullseye: resolved
debian
CVE-2022-27148 | LOW | CVSS 5.5 | 2022
[MEDIUM] gpac - GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. Scope: local | bullseye: resolved
debian
CVE-2022-45204 | LOW | CVSS 5.5 | 2022
[MEDIUM] gpac - GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c. Scope: local | bullseye: resolved
debian
CVE-2022-3178 | LOW | CVSS 7.8 | 2022
[HIGH] gpac - Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. Scope: local | bullseye: resolved
debian
CVE-2022-47656 | LOW | CVSS 7.8 | 2022
[HIGH] gpac - GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273. Scope: local | bullseye: resolved
debian
CVE-2022-47089 | LOW | CVSS 7.8 | 2022
[HIGH] gpac - GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c. Scope: local | bullseye: resolved
debian
CVE-2022-47653 | LOW | CVSS 7.8 | 2022
[HIGH] gpac - GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113. Scope: local | bullseye: resolved
debian
CVE-2021-28300 | CRITICAL | CVSS 9.8 | fixed in gpac 1.0.1+dfsg1-4 (bullseye) | 2021
[CRITICAL] ccextractor - NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file. Scope: local | bullseye: open
debian
CVE-2021-21842 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
[HIGH] gpac - An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An
debian
CVE-2021-40571 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
[HIGH] gpac - The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. Scope: local | bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-32271 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2021
[HIGH] gpac - An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_dump.c. It allows an attacker to cause code execution. Scope: local | bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2021-21834 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
[HIGH] gpac - An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the “co64” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker
debian
CVE-2021-21848 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
[HIGH] gpac - An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based b
debian
CVE-2021-21847 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
[HIGH] gpac - Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user
debian
CVE-2021-40574 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
[HIGH] gpac - The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. Scope: local | bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-40570 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2021
[HIGH] gpac - The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. Scope: local | bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2021-21841 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
[HIGH] gpac - An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An atta
debian
CVE-2021-21858 | HIGH | CVSS 8.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u1 (bullseye) | 2021
[HIGH] gpac - Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a
debian