ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0137
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0137)
Resumen:	The remote host is missing an update for the 'gpac' package(s) announced via the MGASA-2020-0137 advisory.
Descripción:	Summary: The remote host is missing an update for the 'gpac' package(s) announced via the MGASA-2020-0137 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is 'cfg_new->AVCLevelIndication = cfg->AVCLevelIndication,' but cfg could be NULL. (CVE-2018-21015) audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (CVE-2018-21016) In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c. (CVE-2019-13618) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development- 20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. (CVE-2019-20161) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development- 20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. (CVE-2019-20162) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development- 20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. (CVE-2019-20163) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development- 20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c. (CVE-2019-20165) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development- 20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c. (CVE-2019-20170) An issue was discovered in GPAC version 0.8.0 and 0.9.0-development- 20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c. (CVE-2019-20171) dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow. (CVE-2019-20208) Affected Software/OS: 'gpac' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-21015 https://github.com/gpac/gpac/issues/1179 https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2018-21016 https://github.com/gpac/gpac/issues/1180 Common Vulnerability Exposure (CVE) ID: CVE-2019-13618 https://github.com/gpac/gpac/compare/440d475...6b4ab40 https://github.com/gpac/gpac/issues/1250 Common Vulnerability Exposure (CVE) ID: CVE-2019-20161 https://github.com/gpac/gpac/issues/1320 Common Vulnerability Exposure (CVE) ID: CVE-2019-20162 https://github.com/gpac/gpac/issues/1327 Common Vulnerability Exposure (CVE) ID: CVE-2019-20163 https://github.com/gpac/gpac/issues/1335 Common Vulnerability Exposure (CVE) ID: CVE-2019-20165 https://github.com/gpac/gpac/issues/1338 Common Vulnerability Exposure (CVE) ID: CVE-2019-20170 https://github.com/gpac/gpac/issues/1328 Common Vulnerability Exposure (CVE) ID: CVE-2019-20171 https://github.com/gpac/gpac/issues/1337 Common Vulnerability Exposure (CVE) ID: CVE-2019-20208 https://github.com/gpac/gpac/issues/1348
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.