[Git][security-tracker-team/security-tracker][master] Record CVEs affecting ccextractor embedding gpac
Neil Williams (@codehelp)
codehelp at debian.org
Mon Sep 20 14:37:47 BST 2021
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
124bfa11 by Neil Williams at 2021-09-20T14:37:22+01:00
Record CVEs affecting ccextractor embedding gpac
- - - - -
2 changed files:
- data/CVE/list
- data/embedded-code-copies
Changes:
=====================================
data/CVE/list
=====================================
@@ -18738,6 +18738,7 @@ CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function i
- gpac <unfixed>
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d
NOTE: https://github.com/gpac/gpac/issues/1780
CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...)
@@ -21064,6 +21065,7 @@ CVE-2021-32440 (The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
[stretch] - gpac <ignored> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011
NOTE: https://github.com/gpac/gpac/issues/1772
CVE-2021-32439 (Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0. ...)
@@ -21686,6 +21688,7 @@ CVE-2021-32139 (The gf_isom_vp_config_get function in GPAC 1.0.1 allows attacker
- gpac <unfixed>
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e
NOTE: https://github.com/gpac/gpac/issues/1768
CVE-2021-32138 (The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a d ...)
@@ -21698,6 +21701,7 @@ CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in MP4B
- gpac <unfixed>
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/commit/328def7d3b93847d64ecb6e9e0399684e57c3eca
NOTE: https://github.com/gpac/gpac/issues/1766
CVE-2021-32136 (Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0. ...)
@@ -21717,6 +21721,7 @@ CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to
- gpac <unfixed>
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <ignored> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01
NOTE: https://github.com/gpac/gpac/issues/1756
CVE-2021-32133
@@ -24142,6 +24147,7 @@ CVE-2021-31260 (The MergeTrack function in GPAC 1.0.1 allows attackers to cause
- gpac 1.0.1+dfsg1-4 (bug #987280)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9
NOTE: https://github.com/gpac/gpac/issues/1736
CVE-2021-31259 (The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allo ...)
@@ -24153,6 +24159,7 @@ CVE-2021-31258 (The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows att
- gpac 1.0.1+dfsg1-4 (bug #987280)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e
NOTE: https://github.com/gpac/gpac/issues/1706
CVE-2021-31257 (The HintFile function in GPAC 1.0.1 allows attackers to cause a denial ...)
@@ -27371,6 +27378,7 @@ CVE-2021-30014 (There is a integer overflow in media_tools/av_parsers.c in the h
- gpac 1.0.1+dfsg1-4 (bug #987323)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
NOTE: https://github.com/gpac/gpac/issues/1721
CVE-2021-30013
@@ -31614,6 +31622,7 @@ CVE-2021-28300 (NULL Pointer Dereference in the "isomedia/track.c" module's "Mer
- gpac 1.0.1+dfsg1-4 (bug #987020)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <postponed> (Minor issue; can be fixed in next update)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/issues/1702
NOTE: https://github.com/gpac/gpac/commit/c4a5109dad73abe25ad12d8d529a728ae98d78ca
CVE-2021-28299
@@ -46981,6 +46990,7 @@ CVE-2021-21852 (Multiple exploitable integer overflow vulnerabilities exist with
- gpac 1.0.1+dfsg1-5
[buster] - gpac <not-affected> (Vulnerable code not present)
[stretch] - gpac <not-affected> (Vulnerable code not present)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
NOTE: https://github.com/gpac/gpac/commit/592ba2689a3f2fc787371eda490fde4f84e60315
@@ -48243,6 +48253,7 @@ CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i
- gpac 1.0.1+dfsg1-4 (bug #987374)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b
NOTE: https://github.com/gpac/gpac/issues/1659
CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...)
@@ -48250,6 +48261,7 @@ CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a
NOTE: https://github.com/gpac/gpac/issues/1661
CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap ...)
@@ -71300,6 +71312,7 @@ CVE-2020-24829 (An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Bo
- gpac 1.0.1+dfsg1-2
NOTE: https://github.com/gpac/gpac/issues/1422
NOTE: https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2
+ - ccextractor <unfixed> (bug #994746)
CVE-2020-24828
RESERVED
CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...)
@@ -82121,6 +82134,7 @@ CVE-2020-19751 (An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool
- gpac 1.0.1+dfsg1-2
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <not-affected> (Vulnerable code introduced later)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/issues/1272
NOTE: https://github.com/gpac/gpac/commit/c26b0aa605aaea1f0ebe8d21fe1398d94680adf7 (v0.9.0-preview~20)
CVE-2020-19750 (An issue was discovered in gpac 0.8.0. The strdup function in box_code ...)
@@ -116265,6 +116279,7 @@ CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL po
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <postponed> (Minor issue, clean crash, MP42TS not shipped, incomplete patch)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/issues/1378
NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS
@@ -116273,6 +116288,7 @@ CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL po
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <postponed> (Minor issue, clean crash, MP42TS not shipped, incomplete patch)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/issues/1377
NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS
@@ -120299,6 +120315,7 @@ CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-
- gpac 1.0.1+dfsg1-2 (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/issues/1348
NOTE: https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e (chunk #1)
CVE-2019-20207
@@ -120572,6 +120589,7 @@ CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
- gpac 1.0.1+dfsg1-2 (low)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/issues/1337
NOTE: https://github.com/gpac/gpac/commit/72cdc5048dead86bb1df7d21e0b9975e49cf2d97
NOTE: https://github.com/gpac/gpac/commit/2bcca3f1d4605100bb27d3ed7be25b53cddbc75c
@@ -120580,6 +120598,7 @@ CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
- gpac 1.0.1+dfsg1-2 (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/issues/1328
NOTE: https://github.com/gpac/gpac/commit/16856430287cc10f495eb241910b4dc45b193e03
CVE-2019-20169 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
@@ -120624,6 +120643,7 @@ CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
- gpac 1.0.1+dfsg1-2 (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/issues/1327
NOTE: https://github.com/gpac/gpac/commit/3c0ba42546c8148c51169c3908e845c308746c77
CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
@@ -120631,6 +120651,7 @@ CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
- gpac 1.0.1+dfsg1-2 (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/issues/1320
NOTE: https://github.com/gpac/gpac/commit/7a09732d4978586e6284e84caa9c301b2fa5e956
CVE-2019-20160 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
@@ -141931,6 +141952,7 @@ CVE-2018-21015 (AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows
- gpac 1.0.1+dfsg1-2 (bug #940882)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/issues/1179
NOTE: https://github.com/gpac/gpac/commit/0545bb0a01bfac6764c43bd5074e9c2d1eae495f
CVE-2019-16342
@@ -150944,6 +150966,7 @@ CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a he
- gpac 1.0.1+dfsg1-2 (low; bug #932242)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/issues/1250
NOTE: https://github.com/gpac/gpac/commit/c23d54ed15a70b4543e3191e6ead5097cda0878b
CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...)
@@ -155044,6 +155067,7 @@ CVE-2019-12483 (An issue was discovered in GPAC 0.7.1. There is a heap-based buf
- gpac 1.0.1+dfsg1-2 (bug #931088)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/issues/1249
NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...)
@@ -155051,6 +155075,7 @@ CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer d
- gpac 1.0.1+dfsg1-2 (bug #931088)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/issues/1249
NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...)
@@ -155058,6 +155083,7 @@ CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer d
- gpac 1.0.1+dfsg1-2 (bug #931088)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor <unfixed> (bug #994746)
NOTE: https://github.com/gpac/gpac/issues/1249
NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 has a segmentation fault leading t ...)
=====================================
data/embedded-code-copies
=====================================
@@ -3558,3 +3558,6 @@ python-py
chezscheme
- racket <unfixable> (fork)
+
+ccextractor
+ - gpac <unfixed> (modified-embed)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/124bfa111802671afbf4390526ad4277515a5998
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/124bfa111802671afbf4390526ad4277515a5998
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210920/2224184d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list