Your submission was sent successfully! Close

CVE-2018-21016

Published: 16 September 2019

audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
ccextractor
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needed

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needed

precise Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

gpac
Launchpad, Ubuntu, Debian
bionic Needed

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needed

groovy Ignored
(reached end-of-life)
hirsute Not vulnerable
(1.0.1+dfsg1-3)
impish Not vulnerable
(1.0.1+dfsg1-3)
jammy Not vulnerable
(1.0.1+dfsg1-3)
precise Does not exist

trusty Needed

upstream
Released (0.8.0)
xenial Ignored
(end of standard support, was needed)
Patches:
upstream: https://github.com/gpac/gpac/commit/ea13945f3c2dc2c21e30e2731bf2782384307a13