CVE-2020-11558
Published: 5 April 2020
An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes.
Priority
Medium
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
ccextractor Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Ignored
(reached end-of-life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| impish |
Ignored
(reached end-of-life)
|
|
| jammy |
Needs triage
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
gpac Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| eoan |
Ignored
(reached end-of-life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| hirsute |
Not vulnerable
(1.0.1+dfsg1-3)
|
|
| impish |
Not vulnerable
(1.0.1+dfsg1-3)
|
|
| jammy |
Not vulnerable
(1.0.1+dfsg1-3)
|
|
| precise |
Does not exist
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
(end of standard support, was needs-triage)
|