
CVE-2022-1441: fixed #2175 · gpac/gpac@3dbe11b

MP4Box is a component of GPAC-2.0.0, a widely used third-party package on RPM Fusion. When MP4Box parses an MP4 file, it calls the function diST_box_read() to read from the video. This function allocates a fixed-length buffer, str. However, the content read from bs is controlled by the user, and so is its length, which causes a buffer overflow.


@@ -1128,20 +1128,12 @@ void diST_box_del(GF_Box *s)

GF_Err diST_box_read(GF_Box *s, GF_BitStream *bs)

{

u32 i;

char str[1024];

GF_DIMSScriptTypesBox *p = (GF_DIMSScriptTypesBox *)s;

i=0;

str[0]=0;

while (1) {

str[i] = gf_bs_read_u8(bs);

if (!str[i]) break;

i++;

}

ISOM_DECREASE_SIZE(p, i);

p->content_script_types = gf_strdup(str);

p->content_script_types = gf_malloc(sizeof(char) * (s->size+1));

if (!p->content_script_types) return GF_OUT_OF_MEM;

gf_bs_read_data(bs, p->content_script_types, s->size);

p->content_script_types[s->size] = 0;

return GF_OK;

}
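
Review bot: the replacement read discards the result of gf_bs_read_data(bs, p->content_script_types, s->size), and nothing in this hunk bounds s->size before it is used in gf_malloc(sizeof(char) * (s->size+1)). If the stream holds fewer than s->size bytes, only the final byte of the buffer is set (p->content_script_types[s->size] = 0), so the rest of the string may be uninitialized heap memory; a very large s->size also turns into a very large allocation request, and s->size+1 can wrap if the field is at its maximum. Suggest rejecting the box when s->size exceeds the data remaining in bs (or a sane cap) before allocating, and checking the result of gf_bs_read_data() so a short read frees the buffer and returns an error instead of GF_OK. A short comment on why the whole box payload is now taken as the string, rather than stopping at the first zero byte as the str[i] loop did, would also help later readers.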


Related news

Gentoo Linux Security Advisory 202408-21

Gentoo Linux Security Advisory 202408-21 - Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 2.2.0 are affected.

Debian Security Advisory 5411-1

Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
