Candidate: CVE-2019-11222
PublicDate: 2019-04-15 12:31:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11222
 https://github.com/gpac/gpac/issues/1204
 https://github.com/gpac/gpac/issues/1205
Description:
 gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow
 issue for the crypt feature when encountering a crafted_drm_file.xml file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926961
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_gpac:
 upstream: https://github.com/gpac/gpac/commit/f36525c5beafb78959c3a07d6622c9028de348da
upstream_gpac: released (0.5.2-426-gc5ad4e4+dfsg5-5)
precise/esm_gpac: DNE
trusty_gpac: ignored (out of standard support)
trusty/esm_gpac: needed
xenial_gpac: ignored (end of standard support, was needed)
bionic_gpac: needed
cosmic_gpac: ignored (reached end-of-life)
disco_gpac: ignored (reached end-of-life)
eoan_gpac: ignored (reached end-of-life)
focal_gpac: not-affected (0.5.2-426-gc5ad4e4+dfsg5-5)
groovy_gpac: not-affected (0.5.2-426-gc5ad4e4+dfsg5-5)
hirsute_gpac: not-affected (0.5.2-426-gc5ad4e4+dfsg5-5)
impish_gpac: not-affected (0.5.2-426-gc5ad4e4+dfsg5-5)
jammy_gpac: not-affected (0.5.2-426-gc5ad4e4+dfsg5-5)
devel_gpac: not-affected (0.5.2-426-gc5ad4e4+dfsg5-5)