Debian LTS: DLA-2072-1: gpac security update

    Date: 20 Jan 2020
    Posted By: LinuxSecurity Advisories
    
    Package        : gpac
    Version        : 0.5.0+svn5324~dfsg1-1+deb8u5
    CVE ID         : CVE-2018-21015 CVE-2018-21016 CVE-2019-13618
                     CVE-2019-20161 CVE-2019-20162 CVE-2019-20163
                     CVE-2019-20165 CVE-2019-20170 CVE-2019-20171 
                     CVE-2019-20208
    Debian Bug     : 940882 932242
    
    Multiple issues were found in gpac, a multimedia framework featuring
    the MP4Box muxer.
    
    CVE-2018-21015
    
        AVC_DuplicateConfig() at isomedia/avc_ext.c allows remote
        attackers to cause a denial of service (NULL pointer dereference
        and application crash) via a crafted file.
    
    CVE-2018-21016
    
        audio_sample_entry_AddBox() at isomedia/box_code_base.c allows
        remote attackers to cause a denial of service (heap-based buffer
        over-read and application crash) via a crafted file.
    
    CVE-2019-13618
    
        isomedia/isom_read.c in libgpac.a has a heap-based buffer
        over-read, as demonstrated by a crash in gf_m2ts_sync in
        media_tools/mpegts.c.
    
    CVE-2019-20161
    
        heap-based buffer overflow in the function
        ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.
    
    CVE-2019-20162
    
        heap-based buffer overflow in the function gf_isom_box_parse_ex()
        in isomedia/box_funcs.c.
    
    CVE-2019-20163
    
        NULL pointer dereference in the function gf_odf_avc_cfg_write_bs()
        in odf/descriptors.c.
    
    CVE-2019-20165
    
        NULL pointer dereference in the function ilst_item_Read() in
        isomedia/box_code_apple.c.
    
    CVE-2019-20170
    
        invalid pointer dereference in the function GF_IPMPX_AUTH_Delete()
        in odf/ipmpx_code.c.
    
    CVE-2019-20171
    
        memory leaks in metx_New in isomedia/box_code_base.c and abst_Read
        in isomedia/box_code_adobe.c.
    
    CVE-2019-20208
    
        dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a
        stack-based buffer overflow.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    0.5.0+svn5324~dfsg1-1+deb8u5.
    
    We recommend that you upgrade your gpac packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    