Headline
CVE-2023-23144: fixed #2364 · gpac/gpac@3a2458a
Integer overflow vulnerability in the function Q_DecCoordOnUnitSphere in file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.
@@ -2,7 +2,7 @@
* GPAC - Multimedia Framework C SDK
*
* Authors: Jean Le Feuvre
* Copyright © Telecom ParisTech 2000-2012
* Copyright © Telecom ParisTech 2000-2023
* All rights reserved
*
* This file is part of GPAC / BIFS codec sub-project
@@ -284,7 +284,7 @@ GF_Err Q_DecCoordOnUnitSphere(GF_BifsDecoder *codec, GF_BitStream *bs, u32 NbBit
s32 value;
Fixed tang[4], delta;
s32 dir;
if (NbBits>32) return GF_NON_COMPLIANT_BITSTREAM;
if (NbComp != 2 && NbComp != 3) return GF_BAD_PARAM;
//only 2 or 3 comp in the quantized version
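Review bot: the range check `if (NbBits>32) return GF_NON_COMPLIANT_BITSTREAM;` at the top of Q_DecCoordOnUnitSphere still accepts NbBits == 0 and NbBits == 32, and for an integer overflow fix both edges need an explicit decision. If the code after this hunk shifts by NbBits or NbBits-1, or accumulates an NbBits-wide field into the signed `s32 value`, a zero width or a full 32-bit width can wrap or be undefined behaviour. Suggest rejecting 0 in the same check (and 32 too if the result ends up in an s32), adding a one-line comment that states the accepted range the way the NbComp check does with `//only 2 or 3 comp in the quantized version`, and committing the reproducer from issue #2364 as a regression test.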
Related news
Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.