Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security
Hi, The following vulnerabilities were published for gpac. CVE-2023-1448[1]: | A vulnerability, which was classified as problematic, was found in | GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function | gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation | leads to heap-based buffer overflow. Attacking locally is a | requirement. The exploit has been disclosed to the public and may be | used. It is recommended to apply a patch to fix this issue. The | identifier VDB-223293 was assigned to this vulnerability. https://github.com/gpac/gpac/issues/2388 https://github.com/gpac/gpac/commit/8db20cb634a546c536c31caac94e1f74b778b463 CVE-2023-1449[2]: | A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master | and classified as problematic. This vulnerability affects the function | gf_av1_reset_state of the file media_tools/av_parsers.c. The | manipulation leads to double free. It is possible to launch the attack | on the local host. The exploit has been disclosed to the public and | may be used. It is recommended to apply a patch to fix this issue. | VDB-223294 is the identifier assigned to this vulnerability. https://github.com/gpac/gpac/issues/2387 https://github.com/gpac/gpac/commit/8ebbfd61c73d61a2913721a492e5a81fb8d9f9a9 CVE-2023-1452[3]: | A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It | has been declared as critical. Affected by this vulnerability is an | unknown functionality of the file filters/load_text.c. The | manipulation leads to buffer overflow. Local access is required to | approach this attack. The exploit has been disclosed to the public and | may be used. It is recommended to apply a patch to fix this issue. The | identifier VDB-223297 was assigned to this vulnerability. https://github.com/gpac/gpac/issues/2386 https://github.com/gpac/gpac/commit/a5efec8187de02d1f0a412140b0bf030a6747d3f CVE-2023-1654[4]: | Denial of Service in GitHub repository gpac/gpac prior to 2.4.0. https://huntr.dev/bounties/33652b56-128f-41a7-afcc-10641f69ff14 https://github.com/gpac/gpac/commit/2c055153d401b8c49422971e3a0159869652d3da CVE-2023-1655[5]: | Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to | 2.4.0. https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9 https://github.com/gpac/gpac/commit/e7f96c2d3774e4ea25f952bcdf55af1dd6e919f4 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-0841 https://www.cve.org/CVERecord?id=CVE-2023-0841 [1] https://security-tracker.debian.org/tracker/CVE-2023-1448 https://www.cve.org/CVERecord?id=CVE-2023-1448 [2] https://security-tracker.debian.org/tracker/CVE-2023-1449 https://www.cve.org/CVERecord?id=CVE-2023-1449 [3] https://security-tracker.debian.org/tracker/CVE-2023-1452 https://www.cve.org/CVERecord?id=CVE-2023-1452 [4] https://security-tracker.debian.org/tracker/CVE-2023-1654 https://www.cve.org/CVERecord?id=CVE-2023-1654 [5] https://security-tracker.debian.org/tracker/CVE-2023-1655 https://www.cve.org/CVERecord?id=CVE-2023-1655 Please adjust the affected versions in the BTS as needed.
