CVE-2022-30976

Опубликовано: 18 мая 2022

Источник: debian

Описание

GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gpac	fixed	2.0.0+dfsg1-4		package
gpac	ignored		bullseye	package
gpac	end-of-life		buster	package
gpac	end-of-life		stretch	package

Примечания

https://github.com/gpac/gpac/issues/2179
https://github.com/gpac/gpac/commit/915e2cba715f36b7cc29e28888117831ca143d78
When fixing this issue make sure to as well apply (cf. CVE-2022-3178)
https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3
to not open that issue.

Связанные уязвимости

CVE-2022-30976

CVSS3: 7.1

ubuntu

больше 3 лет назад

GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.

CVE-2022-30976

CVSS3: 7.1

nvd

больше 3 лет назад

GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.

GHSA-mf78-vf74-9qc5

CVSS3: 7.1

github

больше 3 лет назад

GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.