Your submission was sent successfully! Close

CVE-2020-11558

Published: 5 April 2020

An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
ccextractor
Launchpad, Ubuntu, Debian
bionic Does not exist

eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

gpac
Launchpad, Ubuntu, Debian
bionic Needs triage

eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Not vulnerable
(1.0.1+dfsg1-3)
impish Not vulnerable
(1.0.1+dfsg1-3)
jammy Not vulnerable
(1.0.1+dfsg1-3)
precise Does not exist

trusty Needs triage

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)