Log

AVG-1806 edited at 21 Apr 2021 16:05:40
Ticket
+ 70520
CVE-2020-35982 edited at 21 Apr 2021 16:02:21
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.
References
+ https://github.com/gpac/gpac/issues/1660
+ https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-c4f8bc6e_poc/gf_hinter_track_finalize-null-pointer
+ https://github.com/gpac/gpac/commit/a4eb327049132359cae54b59faec9e2f14c5a619
CVE-2020-35981 edited at 21 Apr 2021 16:01:37
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
References
+ https://github.com/gpac/gpac/issues/1659
+ https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-c4f8bc6e_poc/SetupWriters-null-pointer
+ https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b
CVE-2020-35980 edited at 21 Apr 2021 16:00:35
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
References
+ https://github.com/gpac/gpac/issues/1661
+ https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-c4f8bc6e_poc/gf_isom_box_del-UAF
+ https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a
CVE-2020-35979 edited at 21 Apr 2021 15:59:41
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.
References
+ https://github.com/gpac/gpac/issues/1662
+ https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-c4f8bc6e_poc/gp_rtp_builder_do_avc-hepo
+ https://github.com/gpac/gpac/commit/b15020f54aff24aaeb64b80771472be8e64a7adc
AVG-1823 edited at 21 Apr 2021 15:58:12
Issues
+ CVE-2020-35979
+ CVE-2020-35980
+ CVE-2020-35981
+ CVE-2020-35982
CVE-2021-28300
CVE-2021-30014
CVE-2021-30015
CVE-2021-30019
CVE-2021-30020
CVE-2021-30022
CVE-2021-30199
CVE-2021-31254
CVE-2021-31255
CVE-2021-31256
CVE-2021-31257
CVE-2021-31258
CVE-2021-31259
CVE-2021-31260
CVE-2021-31261
CVE-2021-31262
CVE-2020-35982 created at 21 Apr 2021 15:58:12
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-1823 edited at 21 Apr 2021 15:58:12
Issues
+ CVE-2020-35979
+ CVE-2020-35980
+ CVE-2020-35981
+ CVE-2020-35982
CVE-2021-28300
CVE-2021-30014
CVE-2021-30015
CVE-2021-30019
CVE-2021-30020
CVE-2021-30022
CVE-2021-30199
CVE-2021-31254
CVE-2021-31255
CVE-2021-31256
CVE-2021-31257
CVE-2021-31258
CVE-2021-31259
CVE-2021-31260
CVE-2021-31261
CVE-2021-31262
CVE-2020-35980 created at 21 Apr 2021 15:58:12
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-1823 edited at 21 Apr 2021 15:58:12
Issues
+ CVE-2020-35979
+ CVE-2020-35980
+ CVE-2020-35981
+ CVE-2020-35982
CVE-2021-28300
CVE-2021-30014
CVE-2021-30015
CVE-2021-30019
CVE-2021-30020
CVE-2021-30022
CVE-2021-30199
CVE-2021-31254
CVE-2021-31255
CVE-2021-31256
CVE-2021-31257
CVE-2021-31258
CVE-2021-31259
CVE-2021-31260
CVE-2021-31261
CVE-2021-31262
CVE-2020-35979 created at 21 Apr 2021 15:58:12
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-1823 edited at 21 Apr 2021 15:58:12
Issues
+ CVE-2020-35979
+ CVE-2020-35980
+ CVE-2020-35981
+ CVE-2020-35982
CVE-2021-28300
CVE-2021-30014
CVE-2021-30015
CVE-2021-30019
CVE-2021-30020
CVE-2021-30022
CVE-2021-30199
CVE-2021-31254
CVE-2021-31255
CVE-2021-31256
CVE-2021-31257
CVE-2021-31258
CVE-2021-31259
CVE-2021-31260
CVE-2021-31261
CVE-2021-31262
CVE-2020-35981 created at 21 Apr 2021 15:58:12
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-1854 created at 21 Apr 2021 14:21:55
Packages
+ linux-lts
Issues
+ CVE-2021-23133
+ CVE-2021-29155
Status
+ Testing
Severity
+ Medium
Affected
+ 5.10.31-1
Fixed
+ 5.10.32-1
Ticket
Advisory qualified
+ Yes
References
Notes