UbuntuUpdates.org

Package "gpac"

Name: gpac

Description: GPAC Project on Advanced Content - utilities

Latest version: 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: http://gpac.wp.mines-telecom.fr/

Other versions of "gpac" in Bionic

Repository  Area      Version
base        universe  0.5.2-426-gc5ad4e4+dfsg5-3
updates     universe  0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1



Changelog

Version: 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1 2019-03-28 17:06:38 UTC

  gpac (0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Fix multiple buffer overflow issues
    - debian/patches/CVE-2018-7752-CVE-2018-1000100.patch: fix buffer overflow
      in the gf_media_avc_read_sps
    - debian/patches/CVE-2018-13005-CVE-2018-13006.patch: fixed 2 possible
      heap overflows
    - debian/patches/CVE-2018-20760.patch: check error code on call to
      gf_utf8_wcstombs
    - debian/patches/CVE-2018-20761-CVE-2018-20762.patch: fix some overflows
      due to strcpy
    - debian/patches/CVE-2018-20763.patch: add some boundary checks on
      gf_text_get_utf8_line
    - CVE-2018-7752
    - CVE-2018-13005
    - CVE-2018-13006
    - CVE-2018-20760
    - CVE-2018-20761
    - CVE-2018-20762
    - CVE-2018-20763
    - CVE-2018-1000100

 -- Paulo Flabiano Smorigo <email address hidden> Tue, 19 Mar 2019 17:18:01 -0300

CVE-2018-7752 GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1
CVE-2018-1000100 GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap c
CVE-2018-13005 An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.
CVE-2018-13006 An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.
CVE-2018-20760 In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value
CVE-2018-20761 GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.
CVE-2018-20762 GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box
CVE-2018-20763 In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLine


