SB2019041602 - Multiple vulnerabilities in GPAC

Published: April 16, 2019 Updated: July 22, 2019

Security Bulletin ID: SB2019041602
Severity: Medium
Patch available: YES
Number of vulnerabilities: 10
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 40%, Medium: 30%, Low: 30%

Description

This security bulletin contains information about 10 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2019-11222)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the gf_bin128_parse() function in the utils/os_divers.c file when processing data in the _drm_file.xml file. A remote attacker can supply a specially crafted _drm_file.xml file to the application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


2) Buffer overflow (CVE-ID: CVE-2019-11221)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within gf_import_message() in media_import.c. A remote attacker can create a specially crafted SubRip Subtitle (SRT) file, pass it to the application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) NULL pointer dereference (CVE-ID: CVE-2019-12481)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box. A remote attacker can perform a denial of service (DoS) attack.


4) NULL pointer dereference (CVE-ID: CVE-2019-12482)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box. A remote attacker can perform a denial of service (DoS) attack.


5) Heap-based buffer overflow (CVE-ID: CVE-2019-12483)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data within the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


6) Out-of-bounds read (CVE-ID: CVE-2019-13618)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a heap-based buffer over-read in the "isomedia/isom_read.c" file, as demonstrated by a crash in the "gf_m2ts_sync" function in the "media_tools/mpegts.c" file. A remote attacker can pass a specially crafted image to the affected application and perform a denial of service attack.


7) Out-of-bounds write (CVE-ID: CVE-2018-20763)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper bounds checks on the szLineConv parameter in the gf_text_get_utf8_line function. A remote attacker can trick the victim into executing the MP4Box command that submits malicious input, trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


8) Buffer overflow (CVE-ID: CVE-2018-20762)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a buffer overflow condition in the cat_multiple_files function. A remote attacker can trick the victim into executing the MP4Box command that submits malicious input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


9) Buffer overflow (CVE-ID: CVE-2018-20761)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a buffer overflow condition in the gf_sm_load_init function. A remote attacker can trick the victim into executing the MP4Box command that submits malicious input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


10) Out-of-bounds write (CVE-ID: CVE-2018-20760)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper handling of a certain -1 return value. A remote attacker can trick the victim into executing the MP4Box command on a SubRip Subtitle (SRT) file that submits malicious input, trigger an out-of-bounds write condition in the gf_text_get_utf8_line function and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.
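
The defect class described in items 7 and 10 (a conversion result used as a buffer index without a bounds check or an error check) is shown below in hardened form. This is an added example, not GPAC's code: it uses the standard C wcstombs(), which returns (size_t)-1 on failure, as a stand-in, and convert_line and the LINE_* status names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Status codes for this example (hypothetical names, not GPAC's). */
enum line_status { LINE_OK = 0, LINE_BAD_INPUT = -1, LINE_TOO_LONG = -2 };

/*
 * Convert one wide-character subtitle line into dst (dst_size bytes).
 * The unsafe pattern is:
 *     n = wcstombs(dst, src, dst_size);
 *     dst[n] = 0;    // n is (size_t)-1 on error: write far outside dst
 * Here the error return and the "buffer exactly full" case are both
 * rejected before n is used as an index.
 */
static enum line_status convert_line(const wchar_t *src, char *dst,
                                     size_t dst_size, size_t *out_len)
{
    size_t n;

    if (!src || !dst || dst_size == 0)
        return LINE_BAD_INPUT;

    n = wcstombs(dst, src, dst_size);
    if (n == (size_t)-1 || n >= dst_size) {
        dst[0] = '\0';            /* never hand back a partial line */
        return n == (size_t)-1 ? LINE_BAD_INPUT : LINE_TOO_LONG;
    }
    dst[n] = '\0';                /* n < dst_size is guaranteed here */
    if (out_len)
        *out_len = n;
    return LINE_OK;
}

int main(void)
{
    /* Constructed inputs: plain ASCII, then a character the default
       "C" locale cannot encode, then a line that fills the buffer. */
    char buf[8];
    size_t len = 0;

    printf("%d\n", convert_line(L"00:01", buf, sizeof buf, &len));
    printf("%d\n", convert_line(L"\u20AC", buf, sizeof buf, &len));
    printf("%d\n", convert_line(L"12345678", buf, sizeof buf, &len));
    return 0;
}
```
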


Remediation

Install the update from the vendor's website.