Note:
This project will be discontinued after December 13, 2021. [more]
2019-02-06
GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.
Products | Ubuntu_linux, Debian_linux, Gpac |
Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
First patch |
https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658 |
Relevant file/s |
• ./applications/mp4box/fileimport.c (modified, +20)
• ./applications/mp4client/main.c (modified, +29, -4) • ./modules/ffmpeg_in/ffmpeg_demux.c (modified, +5, -2) • ./src/scene_manager/scene_manager.c (modified, +4) |
Links |
• https://github.com/gpac/gpac/issues/1187
• https://usn.ubuntu.com/3926-1/ • https://lists.debian.org/debian-lts-announce/2019/02/msg00040.html |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: