Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2022-29340

HistoryMay 05, 2022 - 1:15 p.m.

CVE-2022-29340

2022-05-0513:15:07

Debian Security Bug Tracker

security-tracker.debian.org

gpac

null pointer dereference

denial of service

commit 37592ad

vulnerability

unix

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

37.9%

JSON

GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.

OSVersionArchitecturePackageVersionFilename
Debian11allgpac<= 1.0.1+dfsg1-4+deb11u3gpac_1.0.1+dfsg1-4+deb11u3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	gpac	<= 1.0.1+dfsg1-4+deb11u3	gpac_1.0.1+dfsg1-4+deb11u3_all.deb

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

37.9%

JSON

Related for DEBIANCVE:CVE-2022-29340