Closed ckauhaus closed 1 year ago
See also: #168666
https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb
https://github.com/gpac/gpac/commit/1773b7a34bc08734aee7d3f5dfe65d06389fe15a
Both fixed in 2.2.0, which we upgraded to in d200764b366cb6b1a29601378650e2692765a7cc.
gpac2 (2.0.0) was marked vulnerable in https://github.com/gpac/gpac/commit/1773b7a34bc08734aee7d3f5dfe65d06389fe15a.
CVE details
CVE-2022-1441
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow.
CVE-2022-29537
gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box.
Scanned versions: nixos-unstable: f419dc5763c.
Cc @bluescreen303 Cc @mgdelacroix
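The bug class described for CVE-2022-1441, shown as an added example that is not GPAC's code and not part of the original issue: a fixed-size buffer filled from file-controlled input, next to a bounded version. The `byte_stream` type, the function names, and the assumption that the string is read byte by byte until a NUL terminator are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a bitstream reader; not GPAC's own type. */
typedef struct { const uint8_t *data; size_t size; size_t pos; } byte_stream;

/* Returns the next byte, or 0 at end of input (assumed behaviour). */
static uint8_t bs_read_u8(byte_stream *bs)
{
    return bs->pos < bs->size ? bs->data[bs->pos++] : 0;
}

/* Pattern from the CVE text: the loop ends only when the file supplies a
 * NUL, so the file, not the buffer size, decides how many bytes are written.
 * Safe only if the caller's buffer happens to be large enough. */
void read_string_unbounded(byte_stream *bs, char *str)
{
    size_t i = 0;
    for (;;) {
        str[i] = (char)bs_read_u8(bs);
        if (!str[i]) break;
        i++;
    }
}

/* Hardened form: never writes past cap bytes and always NUL-terminates.
 * Returns 0 on success, -1 if the string was truncated or unterminated. */
int read_string_bounded(byte_stream *bs, char *str, size_t cap)
{
    size_t i = 0;
    if (cap == 0) return -1;
    while (bs->pos < bs->size) {
        uint8_t c = bs->data[bs->pos++];
        if (c == 0) { str[i] = '\0'; return 0; }
        if (i + 1 >= cap) { str[cap - 1] = '\0'; return -1; } /* too long */
        str[i++] = (char)c;
    }
    str[i] = '\0';
    return -1; /* input ended before a terminator */
}
```

A caller should treat the `-1` return as a malformed box and stop parsing it rather than continue with the truncated string.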