Описание
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| gpac | fixed | 2.0.0+dfsg1-2 | package | |
| gpac | not-affected | buster | package | |
| gpac | not-affected | stretch | package | |
| ccextractor | fixed | 0.93+ds2-1 | package | |
| ccextractor | not-affected | bullseye | package | |
| ccextractor | not-affected | buster | package |
Примечания
https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a (v2.0.0)
https://github.com/gpac/gpac/issues/1661
Introduced by https://github.com/gpac/gpac/commit/51dadae6c790af3f639c4d9d660658b2848b51a0
The vulnerability refers to the stbl member of the TrackWriter struct in isom_writer.c, which was only introduced in 51dadae6c7
EPSS
Связанные уязвимости
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
EPSS