Debian DSA-4966-1 : gpac - security update

high Nessus Plugin ID 152943

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4966 advisory.

- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the co64 FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21834)

- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the ctts FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21836)

- Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21837, CVE-2021-21838, CVE-2021-21839)

- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the saio FOURCC code cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21840)

- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21841)

- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap- based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21842)

- Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will multiply the count by the size of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an integer overflow causing the space of the array being allocated to be less than expected. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21843)

- Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the stco FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21844)

- Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in stsc decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21845)

- Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in stsz decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21846)

- Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in stts decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21847)

- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the stsz FOURCC code when parsing atoms that use the stz2 FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21848)

- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the tfra FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21849)

- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the trun FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21850)

- Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21853, CVE-2021-21854, CVE-2021-21855, CVE-2021-21857, CVE-2021-21858)

- An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21859)

- An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21860)

- An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21861)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the gpac packages.

For the stable distribution (bullseye), these problems have been fixed in version 1.0.1+dfsg1-4+deb11u1.

See Also

https://security-tracker.debian.org/tracker/source-package/gpac

https://www.debian.org/security/2021/dsa-4966

https://security-tracker.debian.org/tracker/CVE-2021-21834

https://security-tracker.debian.org/tracker/CVE-2021-21836

https://security-tracker.debian.org/tracker/CVE-2021-21837

https://security-tracker.debian.org/tracker/CVE-2021-21838

https://security-tracker.debian.org/tracker/CVE-2021-21839

https://security-tracker.debian.org/tracker/CVE-2021-21840

https://security-tracker.debian.org/tracker/CVE-2021-21841

https://security-tracker.debian.org/tracker/CVE-2021-21842

https://security-tracker.debian.org/tracker/CVE-2021-21843

https://security-tracker.debian.org/tracker/CVE-2021-21844

https://security-tracker.debian.org/tracker/CVE-2021-21845

https://security-tracker.debian.org/tracker/CVE-2021-21846

https://security-tracker.debian.org/tracker/CVE-2021-21847

https://security-tracker.debian.org/tracker/CVE-2021-21848

https://security-tracker.debian.org/tracker/CVE-2021-21849

https://security-tracker.debian.org/tracker/CVE-2021-21850

https://security-tracker.debian.org/tracker/CVE-2021-21853

https://security-tracker.debian.org/tracker/CVE-2021-21854

https://security-tracker.debian.org/tracker/CVE-2021-21855

https://security-tracker.debian.org/tracker/CVE-2021-21857

https://security-tracker.debian.org/tracker/CVE-2021-21858

https://security-tracker.debian.org/tracker/CVE-2021-21859

https://security-tracker.debian.org/tracker/CVE-2021-21860

https://security-tracker.debian.org/tracker/CVE-2021-21861

https://packages.debian.org/source/bullseye/gpac

Plugin Details

Severity: High

ID: 152943

File Name: debian_DSA-4966.nasl

Version: 1.3

Type: local

Agent: unix

Published: 9/1/2021

Updated: 12/1/2023

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-21861

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:libgpac-dev, p-cpe:/a:debian:debian_linux:libgpac10, p-cpe:/a:debian:debian_linux:gpac-modules-base, p-cpe:/a:debian:debian_linux:gpac

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/31/2021

Vulnerability Publication Date: 8/16/2021

Reference Information

CVE: CVE-2021-21834, CVE-2021-21836, CVE-2021-21837, CVE-2021-21838, CVE-2021-21839, CVE-2021-21840, CVE-2021-21841, CVE-2021-21842, CVE-2021-21843, CVE-2021-21844, CVE-2021-21845, CVE-2021-21846, CVE-2021-21847, CVE-2021-21848, CVE-2021-21849, CVE-2021-21850, CVE-2021-21853, CVE-2021-21854, CVE-2021-21855, CVE-2021-21857, CVE-2021-21858, CVE-2021-21859, CVE-2021-21860, CVE-2021-21861