CVE-2022-29339

In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.

References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type: GIT
Repo: https://github.com/gpac/gpac
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9ea93a2ec8f555ceed1ee27294cf94822f14f10f

Affected versions

v0.*

v0.5.2

v0.6.0

v0.6.1

v0.7.0

v0.7.1

v0.8.0

v0.9.0

v0.9.0-preview

v1.*

v1.0.0

v1.0.1

v2.*

v2.0.0

Database specific

vanir_signatures

[
    {
        "id": "CVE-2022-29339-36320841",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "27575333260924690271723913316090272038",
                "64638723455000336939237518752767024593",
                "253389244818062813510678942609131990342",
                "279134304543995930010885174613407233724",
                "90951849340193993840501071466260652457",
                "325797938289522527109820330036149983210",
                "78510171607874770445069673736675445370",
                "10578607602837085915291224640341709624",
                "306004570729267716097593832496510913697"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/utils/bitstream.c"
        },
        "source": "https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f"
    },
    {
        "id": "CVE-2022-29339-7d565072",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "32088175604351725917180542508950921817",
                "238289934137728617752168701117016145753",
                "176144163535163467443320558712025829705",
                "338687548756205230613693655554673930840",
                "144488879647433581182224668752128073225",
                "280237386832865451553269162699834705268",
                "197085688877277167196390899258792622269",
                "213380009366960473395808344196122007297",
                "50224566043393619122609006312934327307",
                "119856942823941705326339822668129204990",
                "188936008438504283206872159764526239387",
                "192379792467368796067536764385559859933"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/isomedia/avc_ext.c"
        },
        "source": "https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f"
    },
    {
        "id": "CVE-2022-29339-d0815737",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "294544517170266289881408795606339015394",
            "length": 3022.0
        },
        "target": {
            "file": "src/isomedia/avc_ext.c",
            "function": "gf_isom_oinf_read_entry"
        },
        "source": "https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f"
    },
    {
        "id": "CVE-2022-29339-fa4d31b9",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "51057711861188235736429334094404599876",
            "length": 1702.0
        },
        "target": {
            "file": "src/utils/bitstream.c",
            "function": "BS_ReadByte"
        },
        "source": "https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f"
    }
]