AVG-1823 log

Package gpac
Status Vulnerable
Severity Medium
Type multiple issues
Affected 1:1.0.1-1
Fixed Unknown
Current 1:1.0.1-1 [community]
Ticket Create
Created Wed Apr 14 14:56:53 2021
Issue Severity Remote Type Description
CVE-2021-31262 Low Yes Denial of service
The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31261 Medium Yes Information disclosure
The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.
CVE-2021-31260 Low Yes Denial of service
The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31259 Low Yes Denial of service
The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted...
CVE-2021-31258 Low Yes Denial of service
The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the...
CVE-2021-31257 Low Yes Denial of service
The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31256 Medium Yes Information disclosure
A memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-31255 Medium Yes Arbitrary code execution
A buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-31254 Medium Yes Arbitrary code execution
A buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a...
CVE-2021-30199 Low Yes Denial of service
In filters/reframe_latm.c in GPAC 1.0.1 there is a null pointer dereference when gf_filter_pck_get_data is called. The first arg pck may be null with a...
CVE-2021-30022 Low Yes Denial of service
There is an integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not...
CVE-2021-30020 Medium Yes Arbitrary code execution
In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file,...
CVE-2021-30019 Medium Yes Arbitrary code execution
In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size,...
CVE-2021-30015 Low Yes Denial of service
There is a null pointer dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function...
CVE-2021-30014 Low Yes Denial of service
There is an integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash.
CVE-2021-29279 Medium Yes Arbitrary code execution
There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. value->value.data.size can be a negative number, in...
CVE-2021-28300 Medium Yes Arbitrary code execution
A null pointer dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a...
CVE-2020-35982 Low Yes Denial of service
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in...
CVE-2020-35981 Low Yes Denial of service
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
CVE-2020-35980 Medium Yes Arbitrary code execution
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
CVE-2020-35979 Medium Yes Arbitrary code execution
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.