CVE-2020-35980

Name	CVE-2020-35980
Description	An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-5411-1
Debian Bugs	987374, 990691, 994746

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
ccextractor (PTS)	bullseye	0.88+ds1-1	fixed
gpac (PTS)	bullseye (security), bullseye	1.0.1+dfsg1-4+deb11u3	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
ccextractor	source	buster	(not affected)
ccextractor	source	bullseye	(not affected)
ccextractor	source	(unstable)	0.93+ds2-1		994746
gpac	source	stretch	(not affected)
gpac	source	buster	(not affected)
gpac	source	bullseye	1.0.1+dfsg1-4+deb11u2	DSA-5411-1
gpac	source	(unstable)	2.0.0+dfsg1-2		987374, 990691

Notes

[buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
[stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
[bullseye] - ccextractor <not-affected> (Vulnerable code introduced later)
[buster] - ccextractor <not-affected> (Vulnerable code introduced later)
https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a (v2.0.0)
https://github.com/gpac/gpac/issues/1661
Introduced by https://github.com/gpac/gpac/commit/51dadae6c790af3f639c4d9d660658b2848b51a0
The vulnerability refers to the stbl member of the TrackWriter struct in isom_writer.c, which was only introduced in 51dadae6c7