Test ID: | 1.3.6.1.4.1.25623.1.1.10.2021.0431 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2021-0431) |
Summary: | The remote host is missing an update for the 'gpac' package(s) announced via the MGASA-2021-0431 advisory. |
Description: |
Summary: The remote host is missing an update for the 'gpac' package(s) announced via the MGASA-2021-0431 advisory.

Vulnerability Insight:

A specially crafted MPEG-4 input when decoding the atom for the 'co64' FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21834)

A specially crafted MPEG-4 input using the 'ctts' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21836)

A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21837, CVE-2021-21838, CVE-2021-21839)

A specially crafted MPEG-4 input used to process an atom using the 'saio' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21840)

A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21841)

A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21842)

A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will multiply the count by the size of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an integer overflow causing the space of the array being allocated to be less than expected. (CVE-2021-21843)

A specially crafted MPEG-4 input when encountering an atom using the 'stco' FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21844)

A specially crafted MPEG-4 input in 'stsc' decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21845)

A specially crafted MPEG-4 input in 'stsz' decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21846)

A specially crafted MPEG-4 input in 'stts' decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21847)

The library will actually reuse the parser for atoms with the 'stsz' FOURCC code when parsing atoms that use the 'stz2' FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS: 'gpac' package(s) on Mageia 8.

Solution: Please install the updated package(s).

CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-21834
Debian Security Information: DSA-4966
https://www.debian.org/security/2021/dsa-4966
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
Common Vulnerability Exposure (CVE) ID: CVE-2021-21836
Common Vulnerability Exposure (CVE) ID: CVE-2021-21837
https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1297
Common Vulnerability Exposure (CVE) ID: CVE-2021-21838
Common Vulnerability Exposure (CVE) ID: CVE-2021-21839
Common Vulnerability Exposure (CVE) ID: CVE-2021-21840
Common Vulnerability Exposure (CVE) ID: CVE-2021-21841
Common Vulnerability Exposure (CVE) ID: CVE-2021-21842
Common Vulnerability Exposure (CVE) ID: CVE-2021-21843
Common Vulnerability Exposure (CVE) ID: CVE-2021-21844
Common Vulnerability Exposure (CVE) ID: CVE-2021-21845
Common Vulnerability Exposure (CVE) ID: CVE-2021-21846
Common Vulnerability Exposure (CVE) ID: CVE-2021-21847
Common Vulnerability Exposure (CVE) ID: CVE-2021-21848
Common Vulnerability Exposure (CVE) ID: CVE-2021-21849
Common Vulnerability Exposure (CVE) ID: CVE-2021-21850
Common Vulnerability Exposure (CVE) ID: CVE-2021-21853
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
Common Vulnerability Exposure (CVE) ID: CVE-2021-21854
Common Vulnerability Exposure (CVE) ID: CVE-2021-21855
Common Vulnerability Exposure (CVE) ID: CVE-2021-21857
Common Vulnerability Exposure (CVE) ID: CVE-2021-21858
Common Vulnerability Exposure (CVE) ID: CVE-2021-21859
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
Common Vulnerability Exposure (CVE) ID: CVE-2021-21860
Common Vulnerability Exposure (CVE) ID: CVE-2021-21861 |
Copyright | Copyright (C) 2022 Greenbone AG |