Bug#1051955: gpac: CVE-2023-41000

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1051955: gpac: CVE-2023-41000
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 14 Sep 2023 21:02:44 +0200
Message-id: <[🔎] 169471816498.1223137.18269814954169615036.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1051955@bugs.debian.org

Source: gpac
Version: 2.2.1+dfsg1-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/gpac/gpac/issues/2550
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for gpac.

CVE-2023-41000[0]:
| GPAC through 2.2.1 has a use-after-free vulnerability in the
| function gf_bifs_flush_command_list in bifs/memory_decoder.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-41000
    https://www.cve.org/CVERecord?id=CVE-2023-41000
[1] https://github.com/gpac/gpac/issues/2550
[2] https://github.com/gpac/gpac/commit/0018b5e4e07a1465287e7dff69b387929f5a75fa

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Prev by Date: libperlmenu-perl_4.0-6_source.changes ACCEPTED into unstable
Next by Date: Processing of libxml-rss-feed-perl_2.212-2_source.changes
Previous by thread: libperlmenu-perl_4.0-6_source.changes ACCEPTED into unstable
Next by thread: Processing of libxml-rss-feed-perl_2.212-2_source.changes
Index(es):
- Date
- Thread