Source: gpac Version: 1.0.1+dfsg1-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerabilities were published for gpac, filling a seprate bug for this set of new CVEs araised yesterday. CVE-2021-29279[0]: | There is a integer overflow in function | filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In | which, the arg const GF_PropertyValue *value,maybe | value->value.data.size is a negative number. In result, memcpy in | gf_props_assign_value failed. CVE-2021-30014[1]: | There is a integer overflow in media_tools/av_parsers.c in the | hevc_parse_slice_segment function in GPAC 1.0.1 which results in a | crash. CVE-2021-30015[2]: | There is a Null Pointer Dereference in function | filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC | 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the | ctx.opid maybe NULL. The result is a crash in | gf_filter_pck_new_alloc_internal. CVE-2021-30019[3]: | In the adts_dmx_process function in filters/reframe_adts.c in GPAC | 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller | than ctx->hdr.hdr_size, resulting in size to be a negative number | and a heap overflow in the memcpy. CVE-2021-30020[4]: | In the function gf_hevc_read_pps_bs_internal function in | media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with | crafted file, pps->num_tile_columns may be larger than | sizeof(pps->column_width), which results in a heap overflow in the | loop. CVE-2021-30022[5]: | There is a integer overflow in media_tools/av_parsers.c in the | gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative | number, so it will not return. However, avc->pps only has 255 unit, | so there is an overflow, which results a crash. CVE-2021-30199[6]: | In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer | Dereference, when gf_filter_pck_get_data is called. The first arg pck | may be null with a crafted mp4 file,which results in a crash. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-29279 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29279 [1] https://security-tracker.debian.org/tracker/CVE-2021-30014 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30014 [2] https://security-tracker.debian.org/tracker/CVE-2021-30015 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30015 [3] https://security-tracker.debian.org/tracker/CVE-2021-30019 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30019 [4] https://security-tracker.debian.org/tracker/CVE-2021-30020 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30020 [5] https://security-tracker.debian.org/tracker/CVE-2021-30022 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30022 [6] https://security-tracker.debian.org/tracker/CVE-2021-30199 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30199 Please adjust the affected versions in the BTS as needed. Regards, Salvatore