CVE-2023-23144: fixed #2364 · gpac/gpac@3a2458a

Integer overflow vulnerability in the function Q_DecCoordOnUnitSphere in file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.

@@ -2,7 +2,7 @@

* GPAC - Multimedia Framework C SDK

*

* Authors: Jean Le Feuvre

* Copyright © Telecom ParisTech 2000-2012

* Copyright © Telecom ParisTech 2000-2023

* All rights reserved

*

* This file is part of GPAC / BIFS codec sub-project

@@ -284,7 +284,7 @@ GF_Err Q_DecCoordOnUnitSphere(GF_BifsDecoder *codec, GF_BitStream *bs, u32 NbBit

s32 value;

Fixed tang[4], delta;

s32 dir;

if (NbBits>32) return GF_NON_COMPLIANT_BITSTREAM;

if (NbComp != 2 && NbComp != 3) return GF_BAD_PARAM;

//only 2 or 3 comp in the quantized version
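
Review bot: the guard `if (NbBits>32) return GF_NON_COMPLIANT_BITSTREAM;` in Q_DecCoordOnUnitSphere bounds NbBits only from above, so a bitstream-supplied width of 0 still passes, and the boundary value 32 is accepted as well. The hunk header shows the parameter is a u32, and the rest of the function body is not visible here; if anything below derives a shift count or mask from NbBits (for instance NbBits-1), both edge values need to be checked against that arithmetic, and a zero width should be rejected at this same line, e.g. `if (!NbBits || NbBits>32) return GF_NON_COMPLIANT_BITSTREAM;`. Please also add a one-line comment giving the valid range and the reason for it, in the same way the NbComp check just below is commented, so the bound is not loosened later without noticing the overflow it prevents.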

Related news

Debian Security Advisory 5411-1

Debian Linux Security Advisory 5411-1 - Multiple issues were found in the GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.
