Debian Bug report logs -
#987323
gpac: CVE-2021-29279 CVE-2021-30014 CVE-2021-30015 CVE-2021-30019 CVE-2021-30020 CVE-2021-30022 CVE-2021-30199
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
:
Bug#987323
; Package src:gpac
.
(Wed, 21 Apr 2021 18:27:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
.
(Wed, 21 Apr 2021 18:27:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: gpac
Version: 1.0.1+dfsg1-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Hi,
The following vulnerabilities were published for gpac, filling a
seprate bug for this set of new CVEs araised yesterday.
CVE-2021-29279[0]:
| There is a integer overflow in function
| filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In
| which, the arg const GF_PropertyValue *value,maybe
| value->value.data.size is a negative number. In result, memcpy in
| gf_props_assign_value failed.
CVE-2021-30014[1]:
| There is a integer overflow in media_tools/av_parsers.c in the
| hevc_parse_slice_segment function in GPAC 1.0.1 which results in a
| crash.
CVE-2021-30015[2]:
| There is a Null Pointer Dereference in function
| filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC
| 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the
| ctx.opid maybe NULL. The result is a crash in
| gf_filter_pck_new_alloc_internal.
CVE-2021-30019[3]:
| In the adts_dmx_process function in filters/reframe_adts.c in GPAC
| 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller
| than ctx->hdr.hdr_size, resulting in size to be a negative number
| and a heap overflow in the memcpy.
CVE-2021-30020[4]:
| In the function gf_hevc_read_pps_bs_internal function in
| media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with
| crafted file, pps->num_tile_columns may be larger than
| sizeof(pps->column_width), which results in a heap overflow in the
| loop.
CVE-2021-30022[5]:
| There is a integer overflow in media_tools/av_parsers.c in the
| gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative
| number, so it will not return. However, avc->pps only has 255 unit,
| so there is an overflow, which results a crash.
CVE-2021-30199[6]:
| In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer
| Dereference, when gf_filter_pck_get_data is called. The first arg pck
| may be null with a crafted mp4 file,which results in a crash.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-29279
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29279
[1] https://security-tracker.debian.org/tracker/CVE-2021-30014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30014
[2] https://security-tracker.debian.org/tracker/CVE-2021-30015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30015
[3] https://security-tracker.debian.org/tracker/CVE-2021-30019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30019
[4] https://security-tracker.debian.org/tracker/CVE-2021-30020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30020
[5] https://security-tracker.debian.org/tracker/CVE-2021-30022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30022
[6] https://security-tracker.debian.org/tracker/CVE-2021-30199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30199
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Thu Apr 22 08:07:13 2021;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.