SB2020010205 - Multiple vulnerabilities in GPAC




Published: January 2, 2020 Updated: January 21, 2020

Security Bulletin ID: SB2020010205
CSH Severity: Medium
Patch available: NO
Number of vulnerabilities: 17
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 17 vulnerabilities.


1) Memory leak (CVE-ID: CVE-2019-20159)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the "dinf_New()" function in the "isomedia/box_code_base.c" file. A remote attacker can cause a denial of service condition on the target system.


2) Memory leak (CVE-ID: CVE-2019-20171)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in the "abst_Read()" function in the "isomedia/box_code_adobe.c" file. A remote attacker can cause a denial of service condition on the target system.


3) Memory leak (CVE-ID: CVE-2019-20171)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in the "metx_New()" function in the "isomedia/box_code_base.c" file. A remote attacker can cause a denial of service condition on the target system.


4) NULL pointer dereference (CVE-ID: CVE-2019-20170)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the "GF_IPMPX_AUTH_Delete()" function in the "odf/ipmpx_code.c" file. A remote attacker can cause a denial of service condition on the target system.


5) Use-after-free (CVE-ID: CVE-2019-20169)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in the "trak_Read()" function in the "isomedia/box_code_base.c" file. A remote attacker can cause a denial of service condition on the target system.

6) Use-after-free (CVE-ID: CVE-2019-20168)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in the "gf_isom_box_dump_ex()" function in the "isomedia/box_funcs.c" file. A remote attacker can cause a denial of service condition on the target system.



7) NULL pointer dereference (CVE-ID: CVE-2019-20167)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the "senc_Parse()" function in the "isomedia/box_code_drm.c" file. A remote attacker can cause a denial of service condition on the target system.


8) NULL pointer dereference (CVE-ID: CVE-2019-20166)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the "gf_isom_dump()" function in the "isomedia/box_dump.c" file. A remote attacker can cause a denial of service condition on the target system.


9) NULL pointer dereference (CVE-ID: CVE-2019-20164)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the "gf_isom_box_del()" function in the "isomedia/box_funcs.c" file. A remote attacker can cause a denial of service condition on the target system.


10) NULL pointer dereference (CVE-ID: CVE-2019-20163)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the "gf_odf_avc_cfg_write_bs()" function in the "odf/descriptors.c" file. A remote attacker can cause a denial of service condition on the target system.


11) Heap-based buffer overflow (CVE-ID: CVE-2019-20162)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the "gf_isom_box_parse_ex()" function in the "isomedia/box_funcs.c" file. A remote attacker can trigger a heap-based buffer overflow and cause a denial of service condition on the target system.



12) Heap-based buffer overflow (CVE-ID: CVE-2019-20161)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the "ReadGF_IPMPX_WatermarkingInit()" function in the "odf/ipmpx_code.c" file. A remote attacker can trigger a heap-based buffer overflow and cause a denial of service condition on the target system.



13) Stack-based buffer overflow (CVE-ID: CVE-2019-20160)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the "av1_parse_tile_group()" function in the "media_tools/av_parsers.c" file. A remote unauthenticated attacker can trigger a stack-based buffer overflow and cause a denial of service condition on the target system.



14) NULL pointer dereference (CVE-ID: CVE-2019-20165)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the "ilst_item_Read()" function in the "isomedia/box_code_apple.c" file. A remote attacker can cause a denial of service condition on the target system.


15) NULL pointer dereference (CVE-ID: CVE-2020-6630)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the "gf_isom_get_media_data_size()" function in the "isomedia/isom_read.c" file. A remote attacker can cause a denial of service condition on the target system.


16) NULL pointer dereference (CVE-ID: CVE-2020-6631)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the "gf_m2ts_stream_process_pmt()" function in the "media_tools/m2ts_mux.c" file. A remote attacker can cause a denial of service condition on the target system.


17) Stack-based buffer overflow (CVE-ID: CVE-2019-20208)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the "dimC_Read" function in the "isomedia/box_code_3gpp.c" file. A remote unauthenticated attacker can trigger a stack-based buffer overflow and cause a denial of service condition on the target system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.