Mageia 2021-0431 Critical Security Update: Gpac Heap Overflow Info

mageia
September 23, 2021

Summary

A specially crafted MPEG-4 input when decoding the atom for the "co64" FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21834)
A specially crafted MPEG-4 input using the "ctts" FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21836)
A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21837, CVE-2021-21838, CVE-2021-21839)
A specially crafted MPEG-4 input used to process an atom using the "saio" FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21840)
A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due ...
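
The bug class the summary describes, unchecked size arithmetic on an entry count read from the file, shown next to a bounds-checked parse of a "co64" payload. This is an added example, not GPAC's code or the patch shipped in this update; the function names and sample bytes are constructed for illustration, and the layout assumed is the ISO base media file format one (version/flags, a 32-bit entry count, then 64-bit chunk offsets).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Bug class: byte size computed in 32 bits wraps, so the buffer is far too small. */
uint32_t wrapped_alloc_size(uint32_t entry_count) {
    return (uint32_t)(entry_count * 8u);   /* 0x20000001 * 8 wraps to 8 */
}

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static uint64_t be64(const uint8_t *p) { return ((uint64_t)be32(p) << 32) | be32(p + 4); }
/* Hardened parse of a co64 payload (the bytes after the 8-byte box header):
 * version/flags (4) + entry_count (4) + entry_count * 8-byte chunk offsets.
 * Returns 0 and a calloc'd table in *out, or -1 on malformed input. */
int co64_parse(const uint8_t *p, size_t len, uint64_t **out, uint32_t *count) {
    *out = NULL; *count = 0;
    if (len < 8) return -1;
    uint32_t n = be32(p + 4);
    if (n > (len - 8) / 8) return -1;      /* count must fit the bytes present */
    uint64_t *tab = calloc(n ? n : 1, sizeof *tab);   /* calloc checks n * size */
    if (!tab) return -1;
    for (uint32_t i = 0; i < n; i++)
        tab[i] = be64(p + 8 + (size_t)i * 8);
    *out = tab; *count = n;
    return 0;
}

/* Constructed sample payloads, not taken from any real file. */
static const uint8_t SAMPLE_OK[] = { 0,0,0,0, 0,0,0,2,
    0,0,0,0,0,0,0x10,0,  0,0,0,1,0,0,0,0 };
static const uint8_t SAMPLE_BAD[] = { 0,0,0,0, 0x20,0,0,1,  0,0,0,0,0,0,0x10,0 };
int demo_valid(void) {                     /* two offsets, both present */
    uint64_t *t; uint32_t n;
    int ok = co64_parse(SAMPLE_OK, sizeof SAMPLE_OK, &t, &n) == 0 && n == 2 &&
             t[0] == 0x1000 && t[1] == 0x100000000ULL;
    free(t);
    return ok;
}
int demo_oversized_rejected(void) {        /* claims 0x20000001 entries, has 1 */
    uint64_t *t; uint32_t n;
    return co64_parse(SAMPLE_BAD, sizeof SAMPLE_BAD, &t, &n) == -1 && t == NULL;
}
int main(void) {
    printf("%d %d %u\n", demo_valid(), demo_oversized_rejected(),
           (unsigned)wrapped_alloc_size(0x20000001u));
    return 0;
}
```

Comparing the count against the bytes actually remaining in the box rejects the malformed input before any allocation, which also makes the size multiplication safe.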


References

- https://bugs.mageia.org/show_bug.cgi?id=29432

- https://lists.debian.org/debian-security-announce/2021/msg00151.html

- https://www.cve.org/CVERecord?id=CVE-2021-21834

- https://www.cve.org/CVERecord?id=CVE-2021-21836

- https://www.cve.org/CVERecord?id=CVE-2021-21837

- https://www.cve.org/CVERecord?id=CVE-2021-21838

- https://www.cve.org/CVERecord?id=CVE-2021-21839

- https://www.cve.org/CVERecord?id=CVE-2021-21840

- https://www.cve.org/CVERecord?id=CVE-2021-21841

- https://www.cve.org/CVERecord?id=CVE-2021-21842

- https://www.cve.org/CVERecord?id=CVE-2021-21843

- https://www.cve.org/CVERecord?id=CVE-2021-21844

- https://www.cve.org/CVERecord?id=CVE-2021-21845

- https://www.cve.org/CVERecord?id=CVE-2021-21846

- https://www.cve.org/CVERecord?id=CVE-2021-21847

- https://www.cve.org/CVERecord?id=CVE-2021-21848

- https://www.cve.org/CVERecord?id=CVE-2021-21849

- https://www.cve.org/CVERecord?id=CVE-2021-21850

- https://www.cve.org/CVERecord?id=CVE-2021-21853

- https://www.cve.org/CVERecord?id=CVE-2021-21854

- https://www.cve.org/CVERecord?id=CVE-2021-21855

- https://www.cve.org/CVERecord?id=CVE-2021-21857

- https://www.cve.org/CVERecord?id=CVE-2021-21858

- https://www.cve.org/CVERecord?id=CVE-2021-21859

- https://www.cve.org/CVERecord?id=CVE-2021-21860

- https://www.cve.org/CVERecord?id=CVE-2021-21861

Resolution

SRPMS

- 8/tainted/gpac-1.0.1-1.1.mga8.tainted

Severity
critical

Publication date: 23 Sep 2021
URL: https://advisories.mageia.org/MGASA-2021-0431.html
Type: security
CVE: CVE-2021-21834, CVE-2021-21836, CVE-2021-21837, CVE-2021-21838, CVE-2021-21839, CVE-2021-21840, CVE-2021-21841, CVE-2021-21842, CVE-2021-21843, CVE-2021-21844, CVE-2021-21845, CVE-2021-21846, CVE-2021-21847, CVE-2021-21848, CVE-2021-21849, CVE-2021-21850, CVE-2021-21853, CVE-2021-21854, CVE-2021-21855, CVE-2021-21857, CVE-2021-21858, CVE-2021-21859, CVE-2021-21860, CVE-2021-21861
