CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
72.4%
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4966 advisory.
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the co64 FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21834)
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the ctts FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21836)
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21837, CVE-2021-21838, CVE-2021-21839)
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the saio FOURCC code cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21840)
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the ‘sbgp’ FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21841)
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the ‘ssix’ FOURCC code, due to unchecked arithmetic resulting in a heap- based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21842)
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will multiply the count by the size of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an integer overflow causing the space of the array being allocated to be less than expected. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21843)
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the stco FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21844)
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in stsc decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21845)
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in stsz decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21846)
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in stts decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21847)
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the stsz FOURCC code when parsing atoms that use the stz2 FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21848)
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the tfra FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21849)
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the trun FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21850)
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21853, CVE-2021-21854, CVE-2021-21855, CVE-2021-21857, CVE-2021-21858)
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the ‘stri’ FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21859)
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, ‘trik’, is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21860)
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the ‘hdlr’ FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21861)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-4966. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(152943);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/01");
script_cve_id(
"CVE-2021-21834",
"CVE-2021-21836",
"CVE-2021-21837",
"CVE-2021-21838",
"CVE-2021-21839",
"CVE-2021-21840",
"CVE-2021-21841",
"CVE-2021-21842",
"CVE-2021-21843",
"CVE-2021-21844",
"CVE-2021-21845",
"CVE-2021-21846",
"CVE-2021-21847",
"CVE-2021-21848",
"CVE-2021-21849",
"CVE-2021-21850",
"CVE-2021-21853",
"CVE-2021-21854",
"CVE-2021-21855",
"CVE-2021-21857",
"CVE-2021-21858",
"CVE-2021-21859",
"CVE-2021-21860",
"CVE-2021-21861"
);
script_name(english:"Debian DSA-4966-1 : gpac - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-4966 advisory.
- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC
Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for
the co64 FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based
buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger
this vulnerability. (CVE-2021-21834)
- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC
Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the ctts FOURCC code
can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that
causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21836)
- Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of
the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer
overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory
corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21837, CVE-2021-21838, CVE-2021-21839)
- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC
Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using
the saio FOURCC code cause an integer overflow due to unchecked arithmetic resulting in a heap-based
buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger
this vulnerability. (CVE-2021-21840)
- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC
Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using
the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based
buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger
this vulnerability. (CVE-2021-21841)
- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC
Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow
when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap-
based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to
trigger this vulnerability. (CVE-2021-21842)
- Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of
the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer
overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory
corruption. After validating the number of ranges, at [41] the library will multiply the count by the size
of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an
integer overflow causing the space of the array being allocated to be less than expected. An attacker can
convince a user to open a video to trigger this vulnerability. (CVE-2021-21843)
- Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of
the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an
atom using the stco FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in
a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a
video to trigger this vulnerability. (CVE-2021-21844)
- Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of
the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in stsc decoder
can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that
causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21845)
- Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of
the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in stsz decoder
can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that
causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21846)
- Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of
the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in stts decoder
can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that
causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21847)
- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC
Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the
stsz FOURCC code when parsing atoms that use the stz2 FOURCC code and can cause an integer overflow
due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An
attacker can convince a user to open a video to trigger this vulnerability. (CVE-2021-21848)
- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC
Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow
when the library encounters an atom using the tfra FOURCC code due to unchecked arithmetic resulting in
a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a
video to trigger this vulnerability. (CVE-2021-21849)
- An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC
Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow
when the library encounters an atom using the trun FOURCC code due to unchecked arithmetic resulting in
a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a
video to trigger this vulnerability. (CVE-2021-21850)
- Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of
the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer
overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory
corruption. An attacker can convince a user to open a video to trigger this vulnerability.
(CVE-2021-21853, CVE-2021-21854, CVE-2021-21855, CVE-2021-21857, CVE-2021-21858)
- An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the
GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms
using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this
vulnerability. (CVE-2021-21859)
- An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the
GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper
memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC
code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a
video to trigger this vulnerability. (CVE-2021-21860)
- An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the
GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially
crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow
that causes memory corruption. An attacker can convince a user to open a video to trigger this
vulnerability. (CVE-2021-21861)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/gpac");
script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2021/dsa-4966");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21834");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21836");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21837");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21838");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21839");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21840");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21841");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21842");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21843");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21844");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21845");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21846");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21847");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21848");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21849");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21850");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21853");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21854");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21855");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21857");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21858");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21859");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21860");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-21861");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/gpac");
script_set_attribute(attribute:"solution", value:
"Upgrade the gpac packages.
For the stable distribution (bullseye), these problems have been fixed in version 1.0.1+dfsg1-4+deb11u1.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-21861");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/16");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/09/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gpac");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gpac-modules-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgpac-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgpac10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include('audit.inc');
include('debian_package.inc');
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
var release = get_kb_item('Host/Debian/release');
if ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');
var release = chomp(release);
if (! preg(pattern:"^(11)\.[0-9]+", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);
var pkgs = [
{'release': '11.0', 'prefix': 'gpac', 'reference': '1.0.1+dfsg1-4+deb11u1'},
{'release': '11.0', 'prefix': 'gpac-modules-base', 'reference': '1.0.1+dfsg1-4+deb11u1'},
{'release': '11.0', 'prefix': 'libgpac-dev', 'reference': '1.0.1+dfsg1-4+deb11u1'},
{'release': '11.0', 'prefix': 'libgpac10', 'reference': '1.0.1+dfsg1-4+deb11u1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var release = NULL;
var prefix = NULL;
var reference = NULL;
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (release && prefix && reference) {
if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : deb_report_get()
);
exit(0);
}
else
{
var tested = deb_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gpac / gpac-modules-base / libgpac-dev / libgpac10');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21834
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21836
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21837
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21838
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21839
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21840
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21841
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21842
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21843
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21844
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21845
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21846
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21847
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21848
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21849
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21850
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21853
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21854
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21855
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21857
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21858
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21859
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21860
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21861
packages.debian.org/source/bullseye/gpac
security-tracker.debian.org/tracker/CVE-2021-21834
security-tracker.debian.org/tracker/CVE-2021-21836
security-tracker.debian.org/tracker/CVE-2021-21837
security-tracker.debian.org/tracker/CVE-2021-21838
security-tracker.debian.org/tracker/CVE-2021-21839
security-tracker.debian.org/tracker/CVE-2021-21840
security-tracker.debian.org/tracker/CVE-2021-21841
security-tracker.debian.org/tracker/CVE-2021-21842
security-tracker.debian.org/tracker/CVE-2021-21843
security-tracker.debian.org/tracker/CVE-2021-21844
security-tracker.debian.org/tracker/CVE-2021-21845
security-tracker.debian.org/tracker/CVE-2021-21846
security-tracker.debian.org/tracker/CVE-2021-21847
security-tracker.debian.org/tracker/CVE-2021-21848
security-tracker.debian.org/tracker/CVE-2021-21849
security-tracker.debian.org/tracker/CVE-2021-21850
security-tracker.debian.org/tracker/CVE-2021-21853
security-tracker.debian.org/tracker/CVE-2021-21854
security-tracker.debian.org/tracker/CVE-2021-21855
security-tracker.debian.org/tracker/CVE-2021-21857
security-tracker.debian.org/tracker/CVE-2021-21858
security-tracker.debian.org/tracker/CVE-2021-21859
security-tracker.debian.org/tracker/CVE-2021-21860
security-tracker.debian.org/tracker/CVE-2021-21861
security-tracker.debian.org/tracker/source-package/gpac
www.debian.org/security/2021/dsa-4966
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
72.4%