Bug#1034890: gpac: CVE-2023-0841
Source: gpac
X-Debbugs-CC: team@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for gpac.
CVE-2023-0841[0]:
| A vulnerability, which was classified as critical, has been found in
| GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function
| mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation
| leads to heap-based buffer overflow. The attack may be initiated
| remotely. The exploit has been disclosed to the public and may be
| used. The associated identifier of this vulnerability is VDB-221087.
Only reference here is the following, doesn't seem to have been forwarded:
https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-0841
https://www.cve.org/CVERecord?id=CVE-2023-0841
Please adjust the affected versions in the BTS as needed.
Reply to:
- Prev by Date:
Bug#1034867: smplayer: crash when playing video files using mplayer under Wayland
- Next by Date:
Processed: tagging 1034891, tagging 1034890, tagging 1034888, tagging 1034886, tagging 1034887, tagging 1034889 ...
- Previous by thread:
Processed: reassign 700599 to src:curl, reassign 1034819 to debian-installer, reassign 1034800 to liblua5.4-0 ...
- Next by thread:
Processed: tagging 1034891, tagging 1034890, tagging 1034888, tagging 1034886, tagging 1034887, tagging 1034889 ...
- Index(es):