
Mageia 7 Advisory: 2020-0137 Critical: GPAC Denial Of Service

March 10, 2020
Recent updates to GPAC packages resolve critical vulnerabilities and address potential denial of service threats present in the Mageia distribution.

Summary

The updated packages fix security vulnerabilities:
AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL. (CVE-2018-21015)
audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (CVE-2018-21016)
In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c. (CVE-2019-13618)
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. (CVE-2019-20161)
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development- 20...
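
The NULL pointer dereference described for CVE-2018-21015 above, shown beside a hardened form, as an added example that is not GPAC's source code. The struct, its `sps` field and the `demo_*` function names are hypothetical; only the `AVCLevelIndication` assignment mirrors the line quoted in the advisory.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a decoder configuration record; only the
 * AVCLevelIndication field name comes from the advisory text. */
typedef struct {
    uint8_t  AVCLevelIndication;
    uint8_t *sps;       /* constructed field: one parameter-set blob */
    size_t   sps_len;
} demo_avc_config;

/* Pattern described in the advisory: the source pointer is used without a
 * check, so a file that yields no config record crashes the process. */
demo_avc_config *demo_dup_unchecked(const demo_avc_config *cfg)
{
    demo_avc_config *cfg_new = calloc(1, sizeof(*cfg_new));
    cfg_new->AVCLevelIndication = cfg->AVCLevelIndication; /* cfg may be NULL */
    return cfg_new;
}

/* Hardened form: reject a missing source, check every allocation, and
 * deep-copy the blob so the copy never aliases parser-owned memory. */
demo_avc_config *demo_dup_checked(const demo_avc_config *cfg)
{
    if (cfg == NULL)
        return NULL;                    /* caller treats this as a parse error */
    if (cfg->sps_len != 0 && cfg->sps == NULL)
        return NULL;                    /* inconsistent record */
    demo_avc_config *cfg_new = calloc(1, sizeof(*cfg_new));
    if (cfg_new == NULL)
        return NULL;
    cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;
    if (cfg->sps_len != 0) {
        cfg_new->sps = malloc(cfg->sps_len);
        if (cfg_new->sps == NULL) {
            free(cfg_new);
            return NULL;
        }
        memcpy(cfg_new->sps, cfg->sps, cfg->sps_len);
        cfg_new->sps_len = cfg->sps_len;
    }
    return cfg_new;
}

/* Releases a copy produced by demo_dup_checked(); NULL is accepted. */
void demo_free(demo_avc_config *cfg)
{
    if (cfg) { free(cfg->sps); free(cfg); }
}
```

The caller has to propagate the NULL return as a malformed-file error instead of continuing with the missing record.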


References

- https://bugs.mageia.org/show_bug.cgi?id=26131

- https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html

- https://www.cve.org/CVERecord?id=CVE-2018-21015

- https://www.cve.org/CVERecord?id=CVE-2018-21016

- https://www.cve.org/CVERecord?id=CVE-2019-13618

- https://www.cve.org/CVERecord?id=CVE-2019-20161

- https://www.cve.org/CVERecord?id=CVE-2019-20162

- https://www.cve.org/CVERecord?id=CVE-2019-20163

- https://www.cve.org/CVERecord?id=CVE-2019-20165

- https://www.cve.org/CVERecord?id=CVE-2019-20170

- https://www.cve.org/CVERecord?id=CVE-2019-20171

- https://www.cve.org/CVERecord?id=CVE-2019-20208

Resolution

SRPMS

- 7/tainted/gpac-0.7.1-6.1.mga7.tainted

Severity
critical

Publication date: 10 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0137.html
Type: security
CVE: CVE-2018-21015, CVE-2018-21016, CVE-2019-13618, CVE-2019-20161, CVE-2019-20162, CVE-2019-20163, CVE-2019-20165, CVE-2019-20170, CVE-2019-20171, CVE-2019-20208
