Control: retitle -1 gpac: CVE-2020-35979 CVE-2020-35980 CVE-2020-35981 CVE-2020-35982
On Thu, Apr 22, 2021 at 07:51:50PM +0200, Salvatore Bonaccorso wrote: > Source: gpac > Version: 1.0.1+dfsg1-3 > Severity: grave > Tags: security upstream > Justification: user security hole > X-Debbugs-Cc: car...@debian.org, Debian Security Team > <t...@security.debian.org> > > Hi, > > The following vulnerabilities were published for gpac. Unfortunately > another round of CVEs. I'm not sure if you would actually like to have > to properly separate the CVEs per bug in such massive case, as in > particular we have not checked if as well they cover completely as set > the older version. Anyway, here is the additional list of CVEs > assigned for gpac: > > CVE-2020-23928[0]: > | An issue was discovered in gpac before 1.0.1. The abst_box_read > | function in box_code_adobe.c has a heap-based buffer over-read. > > > CVE-2020-23930[1]: > | An issue was discovered in gpac through 20200801. A NULL pointer > | dereference exists in the function nhmldump_send_header located in > | write_nhml.c. It allows an attacker to cause Denial of Service. > > > CVE-2020-23931[2]: > | An issue was discovered in gpac before 1.0.1. The abst_box_read > | function in box_code_adobe.c has a heap-based buffer over-read. > > > CVE-2020-23932[3]: > | An issue was discovered in gpac before 1.0.1. A NULL pointer > | dereference exists in the function dump_isom_sdp located in > | filedump.c. It allows an attacker to cause Denial of Service. > > > CVE-2020-35979[4]: > | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is > | heap-based buffer overflow in the function gp_rtp_builder_do_avc() in > | ietf/rtp_pck_mpeg4.c. > > > CVE-2020-35980[5]: > | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a > | use-after-free in the function gf_isom_box_del() in > | isomedia/box_funcs.c. > > > CVE-2020-35981[6]: > | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an > | invalid pointer dereference in the function SetupWriters() in > | isomedia/isom_store.c. > > > CVE-2020-35982[7]: > | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an > | invalid pointer dereference in the function gf_hinter_track_finalize() > | in media_tools/isom_hinter.c. > > > If you fix the vulnerabilities please also make sure to include the > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2020-23928 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23928 > [1] https://security-tracker.debian.org/tracker/CVE-2020-23930 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23930 > [2] https://security-tracker.debian.org/tracker/CVE-2020-23931 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23931 > [3] https://security-tracker.debian.org/tracker/CVE-2020-23932 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23932 > [4] https://security-tracker.debian.org/tracker/CVE-2020-35979 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35979 > [5] https://security-tracker.debian.org/tracker/CVE-2020-35980 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35980 > [6] https://security-tracker.debian.org/tracker/CVE-2020-35981 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35981 > [7] https://security-tracker.debian.org/tracker/CVE-2020-35982 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35982 Reducing the scope for this bug, as CVE-2020-23928 CVE-2020-23930 CVE-2020-23931 CVE-2020-23932 were already fixed in unstable. Regards, Salvatore
