CVE-2018-1000100

Priority
Description
GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow
vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result
in Heap chunks being modified, this could lead to RCE. This attack appear
to be exploitable via an attacker supplied MP4 file that when run by the
victim may result in RCE.
Package
Source: gpac (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):released (0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (0.5.2-426-gc5ad4e4+dfsg5-4ubuntu0.1)
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Patches:
Upstream:https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4
More Information

Updated: 2019-04-22 21:31:20 UTC (commit 750f6738e68600bdf0b7c7ef543b49378c330e4e)