Search CVE reports
1 – 8 of 8 results
CVE-2022-33070
Medium prioritySome fixes available 7 of 66
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
9 affected packages
argyll, ccextractor, libgadu, libpg-query, libsignal-protocol-c...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
argyll | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
libgadu | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libpg-query | Needs evaluation | Needs evaluation | — | — | — |
libsignal-protocol-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
ocserv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
pidgin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
protobuf-c | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
sudo | Not affected | Fixed | Not affected | Not affected | Not affected |
CVE-2021-32440
Medium priorityThe Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
2 affected packages
ccextractor, gpac
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
gpac | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-32439
Medium priorityBuffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
2 affected packages
ccextractor, gpac
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
gpac | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-11558
Medium priorityAn issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free...
2 affected packages
ccextractor, gpac
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
gpac | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2018-21017
Low priorityGPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c.
2 affected packages
ccextractor, gpac
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
gpac | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-21016
Medium priorityaudio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
2 affected packages
ccextractor, gpac
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ccextractor | Needs evaluation | Vulnerable | Vulnerable | Not in release | Not in release |
gpac | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |
CVE-2018-21015
Medium priorityAVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication =...
2 affected packages
ccextractor, gpac
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
gpac | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |
CVE-2018-16981
Medium prioritystb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.
13 affected packages
catimg, ccextractor, flif, goxel, libsfml...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
catimg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
flif | Not in release | Not in release | Not in release | Not in release | Not in release |
goxel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
libsfml | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
libsixel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
love | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
mame | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
renderdoc | Not in release | Needs evaluation | Needs evaluation | Not in release | Not in release |
retroarch | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
tweeny | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
zam-plugins | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
zynaddsubfx | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |