CVE-2018-1000100

Priority
Description
GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow
vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result
in Heap chunks being modified, this could lead to RCE. This attack appear
to be exploitable via an attacker supplied MP4 file that when run by the
victim may result in RCE.
Ubuntu-Description
It was discovered that the GPAC MP4Box utility incorrectly handled certain
memory operations. If an user or automated system were tricked into opening a
specially crafted MP4 file, a remote attacker could use this issue to cause
MP4Box to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Notes
Package
Source: gpac (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):released (0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1)
Ubuntu 20.04 LTS (Focal Fossa):needed
Ubuntu 20.10 (Groovy Gorilla):needed
Patches:
Upstream:https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4
More Information

Updated: 2020-07-30 18:14:26 UTC (commit a3b70c3d501ce61e535d9cd79ccfb402133b155e)