Test ID: | 1.3.6.1.4.1.25623.1.1.10.2021.0431 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2021-0431) |
Summary: | The remote host is missing an update for the 'gpac' package(s) announced via the MGASA-2021-0431 advisory. |
Description: |

Summary: The remote host is missing an update for the 'gpac' package(s) announced via the MGASA-2021-0431 advisory.

Vulnerability Insight:

A specially crafted MPEG-4 input when decoding the atom for the 'co64' FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21834)

A specially crafted MPEG-4 input using the 'ctts' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21836)

A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21837, CVE-2021-21838, CVE-2021-21839)

A specially crafted MPEG-4 input used to process an atom using the 'saio' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21840)

A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21841)

A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21842)

A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will multiply the count by the size of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an integer overflow causing the space of the array being allocated to be less than expected. (CVE-2021-21843)

A specially crafted MPEG-4 input when encountering an atom using the 'stco' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21844)

A specially crafted MPEG-4 input in 'stsc' decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21845)

A specially crafted MPEG-4 input in 'stsz' decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21846)

A specially crafted MPEG-4 input in 'stts' decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21847)

The library will actually reuse the parser for atoms with the 'stsz' FOURCC code when parsing atoms that use the 'stz2' FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory ...

[Please see the references for more information on the vulnerabilities]

Affected Software/OS: 'gpac' package(s) on Mageia 8.

Solution: Please install the updated package(s).

CVSS Score: 6.8

CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-21834
Debian Security Information: DSA-4966
https://www.debian.org/security/2021/dsa-4966
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
Common Vulnerability Exposure (CVE) ID: CVE-2021-21836
Common Vulnerability Exposure (CVE) ID: CVE-2021-21837
https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1297
Common Vulnerability Exposure (CVE) ID: CVE-2021-21838
Common Vulnerability Exposure (CVE) ID: CVE-2021-21839
Common Vulnerability Exposure (CVE) ID: CVE-2021-21840
Common Vulnerability Exposure (CVE) ID: CVE-2021-21841
Common Vulnerability Exposure (CVE) ID: CVE-2021-21842
Common Vulnerability Exposure (CVE) ID: CVE-2021-21843
Common Vulnerability Exposure (CVE) ID: CVE-2021-21844
Common Vulnerability Exposure (CVE) ID: CVE-2021-21845
Common Vulnerability Exposure (CVE) ID: CVE-2021-21846
Common Vulnerability Exposure (CVE) ID: CVE-2021-21847
Common Vulnerability Exposure (CVE) ID: CVE-2021-21848
Common Vulnerability Exposure (CVE) ID: CVE-2021-21849
Common Vulnerability Exposure (CVE) ID: CVE-2021-21850
Common Vulnerability Exposure (CVE) ID: CVE-2021-21853
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
Common Vulnerability Exposure (CVE) ID: CVE-2021-21854
Common Vulnerability Exposure (CVE) ID: CVE-2021-21855
Common Vulnerability Exposure (CVE) ID: CVE-2021-21857
Common Vulnerability Exposure (CVE) ID: CVE-2021-21858
Common Vulnerability Exposure (CVE) ID: CVE-2021-21859
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
Common Vulnerability Exposure (CVE) ID: CVE-2021-21860
Common Vulnerability Exposure (CVE) ID: CVE-2021-21861 |
Copyright | Copyright (C) 2022 Greenbone AG |