CVE-2018-13006 (NVD)

2018-06-29

An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.

Products: Ubuntu_linux, Debian_linux, Gpac
Type: Out-of-bounds Read (CWE-125)
First patch: https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86
Relevant file/s:
• ./include/gpac/internal/isomedia_dev.h (modified, +1, -1)
• ./src/isomedia/box_code_base.c (modified, +1, -1)
• ./src/isomedia/box_dump.c (modified, +7, -7)
Links:
• https://usn.ubuntu.com/3926-1/
• https://lists.debian.org/debian-lts-announce/2018/07/msg00024.html

gpac - Tree: bceb03fd2b
