CVE-2018-1000100

NameCVE-2018-1000100
DescriptionGPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may result in RCE.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gpac (PTS)jessie0.5.0+svn5324~dfsg1-1fixed
jessie (security)0.5.0+svn5324~dfsg1-1+deb8u5fixed
stretch0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1fixed
bullseye, sid, buster0.5.2-426-gc5ad4e4+dfsg5-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gpacsource(unstable)(not affected)

Notes

- gpac <not-affected> (Vulnerable code not present)
https://github.com/gpac/gpac/issues/994
https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4

Search for package or bug name: Reporting problems