CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2018-20763
https://notcve.org/view.php?id=CVE-2018-20763
In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking. GPAC versión 0.7.1 y anteriores, gf_text_get_utf8_line en media_tools/text_import.c en libgpac_static.a permite una escritura fuera de límites debido a la falta de comprobación de límites szLineConv. • https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd https://github.com/gpac/gpac/issues/1188 https://lists.debian.org/debian-lts-announce/2019/02/msg00040.html https://usn.ubuntu.com/3926-1 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-13006
https://notcve.org/view.php?id=CVE-2018-13006
An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump. Se ha descubierto un problema en MP4Box en GPAC 0.7.1. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función hdlr_dump en media/box_dump.c. • https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86 https://lists.debian.org/debian-lts-announce/2018/07/msg00024.html https://usn.ubuntu.com/3926-1 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2018-13005
https://notcve.org/view.php?id=CVE-2018-13005
An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read. Se ha descubierto un problema en MP4Box en GPAC 0.7.1. La función urn_Read in isomedia/box_code_base.c tiene una sobrelectura de búfer basada en memoria dinámica (heap). • https://github.com/gpac/gpac/issues/1088 https://lists.debian.org/debian-lts-announce/2018/07/msg00024.html https://usn.ubuntu.com/3926-1 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-7752
https://notcve.org/view.php?id=CVE-2018-7752
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100. GPAC, hasta la versión 0.7.1, tiene un desbordamiento de búfer en la función gf_media_avc_read_sps en media_tools/av_parsers.c. Esta vulnerabilidad es diferente de CVE-2018-1000100. • https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4 https://github.com/gpac/gpac/issues/997 https://lists.debian.org/debian-lts-announce/2019/02/msg00040.html https://usn.ubuntu.com/3926-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1000100
https://notcve.org/view.php?id=CVE-2018-1000100
GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may result in RCE. GPAC MP4Box, en versiones 0.7.1 y anteriores, contiene una vulnerabilidad de desbordamiento de búfer en las líneas 2417 a 2420 de src/isomedia/avc_ext.cque puede resultar en la modificación de fragmentos de la memoria dinámica (heap). Esto puede conducir a RCE. Aparentemente, el ataque podría explotarse mediante un MP4 proporcionado por el atacante que, al ser ejecutado por la víctima, podría resultar en RCE. • https://github.com/gpac/gpac/issues/994 https://usn.ubuntu.com/3926-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •