CVE-2018-1000100

NameCVE-2018-1000100
DescriptionGPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may result in RCE.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gpac (PTS)jessie, jessie (lts)0.5.0+svn5324~dfsg1-1+deb8u5fixed
stretch0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1fixed
buster0.5.2-426-gc5ad4e4+dfsg5-5fixed
bullseye (security), bullseye1.0.1+dfsg1-4+deb11u3fixed
sid2.2.1+dfsg1-3.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gpacsource(unstable)(not affected)

Notes

- gpac <not-affected> (Vulnerable code not present)
https://github.com/gpac/gpac/issues/994
https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4

Search for package or bug name: Reporting problems