From 124bfa111802671afbf4390526ad4277515a5998 Mon Sep 17 00:00:00 2001 From: Neil Williams Date: Mon, 20 Sep 2021 14:36:27 +0100 Subject: Record CVEs affecting ccextractor embedding gpac --- data/CVE/list | 26 ++++++++++++++++++++++++++ data/embedded-code-copies | 3 +++ 2 files changed, 29 insertions(+) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index cd50b0eaa7..b641eb541d 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -18738,6 +18738,7 @@ CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function i - gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d NOTE: https://github.com/gpac/gpac/issues/1780 CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...) @@ -21064,6 +21065,7 @@ CVE-2021-32440 (The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011 NOTE: https://github.com/gpac/gpac/issues/1772 CVE-2021-32439 (Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0. ...) @@ -21686,6 +21688,7 @@ CVE-2021-32139 (The gf_isom_vp_config_get function in GPAC 1.0.1 allows attacker - gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e NOTE: https://github.com/gpac/gpac/issues/1768 CVE-2021-32138 (The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a d ...) @@ -21698,6 +21701,7 @@ CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in MP4B - gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/commit/328def7d3b93847d64ecb6e9e0399684e57c3eca NOTE: https://github.com/gpac/gpac/issues/1766 CVE-2021-32136 (Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0. ...) @@ -21717,6 +21721,7 @@ CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to - gpac [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01 NOTE: https://github.com/gpac/gpac/issues/1756 CVE-2021-32133 @@ -24142,6 +24147,7 @@ CVE-2021-31260 (The MergeTrack function in GPAC 1.0.1 allows attackers to cause - gpac 1.0.1+dfsg1-4 (bug #987280) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9 NOTE: https://github.com/gpac/gpac/issues/1736 CVE-2021-31259 (The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allo ...) @@ -24153,6 +24159,7 @@ CVE-2021-31258 (The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows att - gpac 1.0.1+dfsg1-4 (bug #987280) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e NOTE: https://github.com/gpac/gpac/issues/1706 CVE-2021-31257 (The HintFile function in GPAC 1.0.1 allows attackers to cause a denial ...) @@ -27371,6 +27378,7 @@ CVE-2021-30014 (There is a integer overflow in media_tools/av_parsers.c in the h - gpac 1.0.1+dfsg1-4 (bug #987323) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788 NOTE: https://github.com/gpac/gpac/issues/1721 CVE-2021-30013 @@ -31614,6 +31622,7 @@ CVE-2021-28300 (NULL Pointer Dereference in the "isomedia/track.c" module's "Mer - gpac 1.0.1+dfsg1-4 (bug #987020) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue; can be fixed in next update) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/issues/1702 NOTE: https://github.com/gpac/gpac/commit/c4a5109dad73abe25ad12d8d529a728ae98d78ca CVE-2021-28299 @@ -46981,6 +46990,7 @@ CVE-2021-21852 (Multiple exploitable integer overflow vulnerabilities exist with - gpac 1.0.1+dfsg1-5 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) + - ccextractor (bug #994746) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 NOTE: https://github.com/gpac/gpac/commit/592ba2689a3f2fc787371eda490fde4f84e60315 @@ -48243,6 +48253,7 @@ CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i - gpac 1.0.1+dfsg1-4 (bug #987374) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b NOTE: https://github.com/gpac/gpac/issues/1659 CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...) @@ -48250,6 +48261,7 @@ CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There i [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a NOTE: https://github.com/gpac/gpac/issues/1661 CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap ...) @@ -71300,6 +71312,7 @@ CVE-2020-24829 (An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Bo - gpac 1.0.1+dfsg1-2 NOTE: https://github.com/gpac/gpac/issues/1422 NOTE: https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2 + - ccextractor (bug #994746) CVE-2020-24828 RESERVED CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...) @@ -82121,6 +82134,7 @@ CVE-2020-19751 (An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool - gpac 1.0.1+dfsg1-2 [buster] - gpac (Minor issue) [stretch] - gpac (Vulnerable code introduced later) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/issues/1272 NOTE: https://github.com/gpac/gpac/commit/c26b0aa605aaea1f0ebe8d21fe1398d94680adf7 (v0.9.0-preview~20) CVE-2020-19750 (An issue was discovered in gpac 0.8.0. The strdup function in box_code ...) @@ -116265,6 +116279,7 @@ CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL po [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) [jessie] - gpac (Minor issue, clean crash, MP42TS not shipped, incomplete patch) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/issues/1378 NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521 NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS @@ -116273,6 +116288,7 @@ CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL po [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) [jessie] - gpac (Minor issue, clean crash, MP42TS not shipped, incomplete patch) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/issues/1377 NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521 NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS @@ -120299,6 +120315,7 @@ CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack- - gpac 1.0.1+dfsg1-2 (bug #972053) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/issues/1348 NOTE: https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e (chunk #1) CVE-2019-20207 @@ -120572,6 +120589,7 @@ CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm - gpac 1.0.1+dfsg1-2 (low) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/issues/1337 NOTE: https://github.com/gpac/gpac/commit/72cdc5048dead86bb1df7d21e0b9975e49cf2d97 NOTE: https://github.com/gpac/gpac/commit/2bcca3f1d4605100bb27d3ed7be25b53cddbc75c @@ -120580,6 +120598,7 @@ CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm - gpac 1.0.1+dfsg1-2 (bug #972053) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/issues/1328 NOTE: https://github.com/gpac/gpac/commit/16856430287cc10f495eb241910b4dc45b193e03 CVE-2019-20169 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) @@ -120624,6 +120643,7 @@ CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm - gpac 1.0.1+dfsg1-2 (bug #972053) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/issues/1327 NOTE: https://github.com/gpac/gpac/commit/3c0ba42546c8148c51169c3908e845c308746c77 CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) @@ -120631,6 +120651,7 @@ CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm - gpac 1.0.1+dfsg1-2 (bug #972053) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/issues/1320 NOTE: https://github.com/gpac/gpac/commit/7a09732d4978586e6284e84caa9c301b2fa5e956 CVE-2019-20160 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) @@ -141931,6 +141952,7 @@ CVE-2018-21015 (AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows - gpac 1.0.1+dfsg1-2 (bug #940882) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/issues/1179 NOTE: https://github.com/gpac/gpac/commit/0545bb0a01bfac6764c43bd5074e9c2d1eae495f CVE-2019-16342 @@ -150944,6 +150966,7 @@ CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a he - gpac 1.0.1+dfsg1-2 (low; bug #932242) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/issues/1250 NOTE: https://github.com/gpac/gpac/commit/c23d54ed15a70b4543e3191e6ead5097cda0878b CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...) @@ -155044,6 +155067,7 @@ CVE-2019-12483 (An issue was discovered in GPAC 0.7.1. There is a heap-based buf - gpac 1.0.1+dfsg1-2 (bug #931088) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/issues/1249 NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1 CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...) @@ -155051,6 +155075,7 @@ CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer d - gpac 1.0.1+dfsg1-2 (bug #931088) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/issues/1249 NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1 CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...) @@ -155058,6 +155083,7 @@ CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer d - gpac 1.0.1+dfsg1-2 (bug #931088) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) + - ccextractor (bug #994746) NOTE: https://github.com/gpac/gpac/issues/1249 NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1 CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 has a segmentation fault leading t ...) diff --git a/data/embedded-code-copies b/data/embedded-code-copies index 4e4b33b758..757b1eda4f 100644 --- a/data/embedded-code-copies +++ b/data/embedded-code-copies @@ -3558,3 +3558,6 @@ python-py chezscheme - racket (fork) + +ccextractor + - gpac (modified-embed) -- cgit v1.2.3