[Git][security-tracker-team/security-tracker][master] Add new gpac issues

Sun Jan 23 13:47:41 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dcb67adb by Salvatore Bonaccorso at 2022-01-23T14:47:15+01:00
Add new gpac issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2879,19 +2879,31 @@ CVE-2021-46242 (HDF5 v1.13.1-1 was discovered to contain a heap-use-after free v
 CVE-2021-46241
 	RESERVED
 CVE-2021-46240 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/2028
+	NOTE: https://github.com/gpac/gpac/commit/31eb879ea67b3a6ff67d3211f4c6b83369d4898d
 CVE-2021-46239 (The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid  ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/2026
+	NOTE: https://github.com/gpac/gpac/commit/4e1215758fa89455e8de1262df36f11740bb1bc4
 CVE-2021-46238 (GPAC v1.1.0 was discovered to contain a stack overflow via the functio ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/2027
+	NOTE: https://github.com/gpac/gpac/commit/4b9736ab8c9274db5858e5bf9fe0470bc3e7b6cf
 CVE-2021-46237 (An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 v ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/2033
+	NOTE: https://github.com/gpac/gpac/commit/3cc122ad664a2355cce9784f50b59c6272d43f00
 CVE-2021-46236 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/2024
+	NOTE: https://github.com/gpac/gpac/commit/6a5effb57153cb05e72f6e9bd72afefc334a673d
 CVE-2021-46235
 	RESERVED
 CVE-2021-46234 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/2023
+	NOTE: https://github.com/gpac/gpac/commit/70c6f6f832dccff814a19a74d87b97b3d68a4af5
 CVE-2021-46233
 	RESERVED
 CVE-2021-46232
@@ -5864,21 +5876,31 @@ CVE-2021-45769 (A NULL pointer dereference in AcseConnection_parseMessage at src
 CVE-2021-45768
 	RESERVED
 CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1982
+	NOTE: https://github.com/gpac/gpac/commit/830548acd030467e857f4cf0b79af8ebf1e04dde
 CVE-2021-45766
 	RESERVED
 CVE-2021-45765
 	RESERVED
 CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1971
+	NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb
 CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function  ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1974
+	NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec
 CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1978
+	NOTE: https://github.com/gpac/gpac/commit/6d647f6e458c9b727eae1a8077d27fa433ced788
 CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address derefe ...)
 	TODO: check
 CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1966
+	NOTE: https://github.com/gpac/gpac/commit/5041fcbaa904a89d280561905a163171b3828cea
 CVE-2021-45759
 	RESERVED
 CVE-2021-45758
@@ -23370,41 +23392,73 @@ CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerabilit
 CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
 	NOT-FOR-US: Sourcecodester
 CVE-2021-40576 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1904
+	NOTE: https://github.com/gpac/gpac/commit/ad18ece95fa064efc0995c4ab2c985f77fb166ec
 CVE-2021-40575 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1905
+	NOTE: https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858
 CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1897
+	NOTE: https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcb
 CVE-2021-40573 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1891
+	NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a
 CVE-2021-40572 (The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_fi ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1893
+	NOTE: https://github.com/gpac/gpac/commit/7bb1b4a4dd23c885f9db9f577dfe79ecc5433109
 CVE-2021-40571 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1895
+	NOTE: https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340
 CVE-2021-40570 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1899
+	NOTE: https://github.com/gpac/gpac/commit/04dbf08bff4d61948bab80c3f9096ecc60c7f302
 CVE-2021-40569 (The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerabilit ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1890
+	NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a
 CVE-2021-40568 (A buffer overflow vulnerability exists in Gpac through 1.0.1 via a mal ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1900
+	NOTE: https://github.com/gpac/gpac/commit/f1ae01d745200a258cdf62622f71754c37cb6c30
 CVE-2021-40567 (Segmentation fault vulnerability exists in Gpac through 1.0.1 via the  ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1889
+	NOTE: https://github.com/gpac/gpac/commit/f5a038e6893019ee471b6a57490cf7a495673816
 CVE-2021-40566 (A Segmentation fault casued by heap use after free vulnerability exist ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1887
+	NOTE: https://github.com/gpac/gpac/commit/96047e0e6166407c40cc19f4e94fb35cd7624391
 CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1902
+	NOTE: https://github.com/gpac/gpac/commit/893fb99b606eebfae46cde151846a980e689039b
 CVE-2021-40564 (A Segmentation fault caused by null pointer dereference vulnerability  ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1898
+	NOTE: https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618
 CVE-2021-40563 (A Segmentation fault exists casued by null pointer dereference exists  ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1892
+	NOTE: https://github.com/gpac/gpac/commit/5ce0c906ed8599d218036b18b78e8126a496f137
 CVE-2021-40562 (A Segmentation fault caused by a floating point exception exists in Gp ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1901
+	NOTE: https://github.com/gpac/gpac/commit/5dd71c7201a3e5cf40732d585bfb21c906c171d3
 CVE-2021-40561
 	RESERVED
 CVE-2021-40560
 	RESERVED
 CVE-2021-40559 (A null pointer deference vulnerability exists in gpac through 1.0.1 vi ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1886
+	NOTE: https://github.com/gpac/gpac/commit/70607fc71a671cf48a05e013a4e411429373dce7
 CVE-2021-40558
 	RESERVED
 CVE-2021-40557
@@ -33668,7 +33722,9 @@ CVE-2021-36419
 CVE-2021-36418
 	RESERVED
 CVE-2021-36417 (A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in th ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1846
+	NOTE: https://github.com/gpac/gpac/commit/737e1f39da80e02912953269966d89afd196ad30
 CVE-2021-36416
 	RESERVED
 CVE-2021-36415
@@ -92868,7 +92924,9 @@ CVE-2020-25429
 CVE-2020-25428
 	RESERVED
 CVE-2020-25427 (A Null pointer dereference vulnerability exits in MP4Box - GPAC versio ...)
-	TODO: check
+	- gpac <unfixed>
+	NOTE: https://github.com/gpac/gpac/issues/1406
+	NOTE: https://github.com/gpac/gpac/commit/8e585e623b1d666b4ef736ed609264639cb27701
 CVE-2020-25426
 	RESERVED
 CVE-2020-25425



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcb67adb56e0265dcc55fd027758b08da936ce77

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcb67adb56e0265dcc55fd027758b08da936ce77
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220123/6c0255dc/attachment.htm>
