Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-2837: fixed #2473 · gpac/gpac@6f28c4c

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.

CVE
#git#buffer_overflow

Expand Up

@@ -191,6 +191,7 @@ struct _tag_sax_parser

GF_XMLAttribute *attrs;

GF_XMLSaxAttribute *sax_attrs;

u32 nb_attrs, nb_alloc_attrs;

u32 ent_rec_level;

};

static GF_XMLSaxAttribute *xml_get_sax_attribute(GF_SAXParser *parser)

Expand Down Expand Up

@@ -902,7 +903,14 @@ static GF_Err xml_sax_parse(GF_SAXParser *parser, Bool force_parse)

parser->line_size = 0;

parser->elt_start_pos = 0;

parser->sax_state = SAX_STATE_TEXT_CONTENT;

e = gf_xml_sax_parse_intern(parser, orig_buf);

parser->ent_rec_level++;

if (parser->ent_rec_level>100) {

GF_LOG(GF_LOG_WARNING, GF_LOG_CORE, ("[XML] Too many recursions in entity solving, max 100 allowed\n"));

e = GF_NOT_SUPPORTED;

} else {

e = gf_xml_sax_parse_intern(parser, orig_buf);

parser->ent_rec_level–;

}

gf_free(orig_buf);

return e;

}

Expand Down Expand Up

@@ -1075,8 +1083,9 @@ static GF_Err gf_xml_sax_parse_intern(GF_SAXParser *parser, char *current)

/*append entity*/

line_num = parser->line;

xml_sax_append_string(parser, ent->value);

xml_sax_parse(parser, GF_TRUE);

GF_Err e = xml_sax_parse(parser, GF_TRUE);

parser->line = line_num;

if (e) return e;

}

xml_sax_append_string(parser, current);

Expand Down

Related news

Debian Security Advisory 5411-1

Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907