Updated gpac packages fix security vulnerability
Publication date: 10 Apr 2019Modification date: 10 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-7752 , CVE-2018-13005 , CVE-2018-13006 , CVE-2018-20760 , CVE-2018-20761 , CVE-2018-20762 , CVE-2018-20763 , CVE-2018-1000100
Description
It was discovered that the GPAC MP4Box utility incorrectly handled certain
memory operations. If an user or automated system were tricked into opening
a specially crafted MP4 file, a remote attacker could use this issue to
cause MP4Box to crash, resulting in a denial of service, or possibly execute
arbitrary code (CVE-2018-7752, CVE-2018-13005, CVE-2018-13006, CVE-2018-20760,
CVE-2018-20761, CVE-2018-20762, CVE-2018-20763, CVE-2018-1000100).
References
- https://bugs.mageia.org/show_bug.cgi?id=24601
- https://usn.ubuntu.com/3926-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7752
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13005
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13006
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20760
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20761
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20762
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20763
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000100
SRPMS
6/tainted
- gpac-0.6.1-4.1.mga6.tainted