Source: gpac
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-2837[0]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/
https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611

CVE-2023-2838[1]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/
https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba

CVE-2023-2839[2]:
| Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.

https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/
https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac

CVE-2023-2840[3]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/
https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a3

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-2837
    https://www.cve.org/CVERecord?id=CVE-2023-2837
[1] https://security-tracker.debian.org/tracker/CVE-2023-2838
    https://www.cve.org/CVERecord?id=CVE-2023-2838
[2] https://security-tracker.debian.org/tracker/CVE-2023-2839
    https://www.cve.org/CVERecord?id=CVE-2023-2839
[3] https://security-tracker.debian.org/tracker/CVE-2023-2840
    https://www.cve.org/CVERecord?id=CVE-2023-2840

Please adjust the affected versions in the BTS as needed.

