CVE-2019-11222

NameCVE-2019-11222
Descriptiongf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1765-1
Debian Bugs926961

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gpac (PTS)bullseye (security), bullseye1.0.1+dfsg1-4+deb11u3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gpacsourcejessie0.5.0+svn5324~dfsg1-1+deb8u3DLA-1765-1
gpacsource(unstable)0.5.2-426-gc5ad4e4+dfsg5-5926961

Notes

[stretch] - gpac <no-dsa> (Minor issue)
https://github.com/gpac/gpac/commit/f36525c5beafb78959c3a07d6622c9028de348da
https://github.com/gpac/gpac/issues/1204
https://github.com/gpac/gpac/issues/1205

Search for package or bug name: Reporting problems