Description
The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| gpac | fixed | 2.0.0+dfsg1-2 | | package |
| gpac | ignored | | bullseye | package |
| gpac | ignored | | buster | package |
| gpac | ignored | | stretch | package |
| ccextractor | fixed | 0.93+ds2-1 | | package |
| ccextractor | not-affected | | bullseye | package |
| ccextractor | not-affected | | buster | package |
Notes
https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01 (v2.0.0)
https://github.com/gpac/gpac/issues/1756
The POC from the GitHub issue produces a SIGSEGV in the stretch/buster version of gpac, but in an entirely different call chain; it appears to be a different issue altogether
It isn't clear if that means this CVE doesn't apply to stretch/buster, or if it is masking the issue with an earlier failure
Related vulnerabilities
The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
Vulnerability in the gf_odf_desc_copy function of the MP4Box command of the GPAC multimedia platform, allowing an attacker to cause a denial of service