3 matches found
DEBIAN-CVE-2022-1441
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function diSTboxread to read from video. In this function, it allocates a buffer str with fixed length. However, content read from bs is controllable ...
UBUNTU-CVE-2022-1441
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function diSTboxread to read from video. In this function, it allocates a buffer str with fixed length. However, content read from bs is controllable ...
CVE-2022-1441
CVE-2022-1441 concerns MP4Box, a component of GPAC-2.0.0. The issue occurs in diST_box_read() where a buffer str is allocated with a fixed length, but data read from bs (and its length) are user-controlled, enabling a buffer overflow. Public advisories reference GPAC-related fixes: Debian DSA-541...