The updated packages fix security vulnerabilities:
AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL. (CVE-2018-21015)
audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (CVE-2018-21016)
In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c. (CVE-2019-13618)
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. (CVE-2019-20161)
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. (CVE-2019-20162)
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. (CVE-2019-20163)
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c. (CVE-2019-20165)
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c. (CVE-2019-20170)
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c. (CVE-2019-20171)
dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow. (CVE-2019-20208)