CVE-2022-3178: fixed #2255 · gpac/gpac@7751077

Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.


@@ -12886,11 +12886,12 @@ GF_Err xtra_box_read(GF_Box *s, GF_BitStream *bs)

prop_type = gf_bs_read_u16(bs);

prop_size -= 6;

ISOM_DECREASE_SIZE_NO_ERR(ptr, prop_size)

//add 2 extra bytes for UTF16 case string dump

data2 = gf_malloc(sizeof(char) * (prop_size+2));

//add 3 extra bytes for UTF16 case string dump (3 because we need 0-aligned short value)

data2 = gf_malloc(sizeof(char) * (prop_size+3));

gf_bs_read_data(bs, data2, prop_size);

data2[prop_size] = 0;

data2[prop_size+1] = 0;

data2[prop_size+2] = 0;

tag_size-=prop_size;

} else {

prop_size = 0;
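
Review bot: The gf_malloc result on the prop_size+3 allocation line is passed to gf_bs_read_data and then written at data2[prop_size], data2[prop_size+1] and data2[prop_size+2] with no NULL check, so a failed allocation is dereferenced immediately. Since prop_size comes from the file, a large value makes that failure reachable; add a check such as `if (!data2) return GF_OUT_OF_MEM;` right after the allocation. The new comment is also hard to follow: "0-aligned short value" would read better as a statement that when prop_size is odd, a 16-bit reader needs a full zero code unit starting at the next even offset, which is why two padding bytes were not enough and three are. The visible lines also do not show a lower bound on prop_size before `prop_size -= 6`; if that check is not in the context above the hunk, it belongs here too, because an underflow would feed directly into the prop_size+3 size computation.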

Related news

Gentoo Linux Security Advisory 202408-21

Gentoo Linux Security Advisory 202408-21 - Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 2.2.0 are affected.
