CVE-2018-13005

Priority
Description
An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in
isomedia/box_code_base.c has a heap-based buffer over-read.
Ubuntu-Description
It was discovered that the GPAC MP4Box utility incorrectly handled certain
memory operations. If a user or automated system were tricked into opening a
specially crafted MP4 file, a remote attacker could use this issue to cause
MP4Box to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Notes
Package
Source: gpac (LP Ubuntu Debian)
Upstream: released (0.5.0+svn5324~dfsg1-1+deb8u1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): released (0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1)
Ubuntu 20.04 LTS (Focal Fossa): not-affected (0.5.2-426-gc5ad4e4+dfsg5-5)
Ubuntu 20.10 (Groovy Gorilla): not-affected (0.5.2-426-gc5ad4e4+dfsg5-5)
More Information

Updated: 2020-07-30 18:14:27 UTC (commit a3b70c3d501ce61e535d9cd79ccfb402133b155e)