Xidoo123

**Nome do Software Vulnerável e Versões Afetadas** GPAC MP4box versão 2.1-DEV-rev574-g9d5bb184b **Descrição** O problema está relacionado a um estouro de buffer na função `gf vvc read pps bs internal` de `media tools/av parsers.c`. É necessária uma verificação para `num exp tile columns`. **Recomendações** Para o GPAC MP4box versão 2.1-DEV-rev574-g9d5bb184b, como medida temporária (workaround), considere desabilitar a função `gf vvc read pps bs internal` até que um patch esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Libde265 versão 1.0.9 **Descrição** O problema está relacionado a um estouro de buffer na função `ff hevc put hevc qpel pixels 8 sse` da implementação do codec de vídeo h.265 da Libde265. Essa vulnerabilidade é causada pela cópia de um buffer sem a verificação do tamanho dos dados de entrada. A exploração desse problema pode permitir que um invasor comprometa a confidencialidade, a integridade e a disponibilidade das informações protegidas. **Recomendações** Para a versão 1.0.9 do Libde265, atualize para a versão 1.0.11 para corrigir as falhas de segurança. Como solução temporária, considere desativar a função `ff hevc put hevc qpel pixels 8 sse` até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas** Libde265 versão 1.0.9 **Descrição** O problema está relacionado a um estouro de buffer de heap na função `de265 image::set SliceAddrRS(int, int, int)` do codec de vídeo Libde265. Isso pode permitir que um invasor comprometa a confidencialidade, integridade e disponibilidade de informações protegidas. **Recomendações** Para a versão 1.0.9 do Libde265, atualize para a versão 1.0.11 para corrigir os problemas de segurança. Como solução temporária, considere desativar a função `de265 image::set SliceAddrRS(int, int, int)` até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas** Libde265 versão 1.0.9 **Descrição** O problema está relacionado a um estouro de buffer na função `put qpel fallback()` da implementação do codec de vídeo Libde265. Isso pode permitir que um invasor acesse dados confidenciais, comprometa a integridade dos dados e cause uma negação de serviço. O número estimado de dispositivos potencialmente afetados e detalhes sobre incidentes reais não foram fornecidos. **Recomendações** Para a versão 1.0.9 do Libde265, atualize para a versão 1.0.11 para corrigir as falhas de segurança. Como solução temporária, considere desativar a função `put qpel fallback()` até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas** GPAC MP4box versão 2.0.0 **Descrição** Foi detectada uma vulnerabilidade de estouro de pilha no parâmetro `smil parse time list` no arquivo `/scenegraph/svg attributes.c`. **Recomendações** Para o GPAC MP4box versão 2.0.0, considere restringir o acesso ao parâmetro vulnerável `smil parse time list` até que uma correção esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para este problema.

**Nome do software vulnerável e versões afetadas** GPAC versão 2.0.0 **Descrição** O problema ocorre quando o MP4Box, um componente do GPAC, tenta analisar um arquivo MP4. Ele chama a função `diST box read()` para ler o vídeo, alocando um buffer `str` com comprimento fixo. No entanto, o conteúdo lido de `bs` e seu comprimento são controláveis pelo usuário, levando a um estouro de buffer. **Recomendações** Para a versão 2.0.0 do GPAC, considere desativar a função `diST box read()` como uma solução temporária até que um patch esteja disponível. Restrinja o acesso ao MP4Box para minimizar o risco de exploração. Evite usar o MP4Box para analisar arquivos MP4 de fontes não confiáveis até que o problema seja resolvido.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a buffer overflow in the `gf vvc read pps bs internal` function, located in the `media tools/av parsers.c` file. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, consider disabling the `gf vvc read pps bs internal` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a Buffer Overflow. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a Buffer Overflow that occurs via the `gf vvc read sps bs internal` function in the `media tools/av parsers.c` file. This function is part of the GPAC MP4box, which is a tool for manipulating MP4 files. The Buffer Overflow is a type of security vulnerability that can cause a program to crash or execute arbitrary code, potentially leading to security breaches. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, consider disabling the `gf vvc read sps bs internal` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a Buffer Overflow in the `gf text process sub` function of `filters/load text.c`. This function is part of the GPAC MP4box, which is used for processing and manipulating multimedia files. The Buffer Overflow occurs when the function attempts to process a text input that exceeds the expected buffer size, potentially leading to arbitrary code execution. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, as a temporary workaround, consider disabling the `gf text process sub` function until a patch is available. Restrict access to the `filters/load text.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to an Integer overflow vulnerability in the `gf hevc read sps bs internal` function of `media tools/av parsers.c` at line 8316. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, as a temporary workaround, consider disabling the `gf hevc read sps bs internal` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a heap use-after-free vulnerability. It occurs via the file filters/dmx m2ts.c at line 470 in the `m2tsdmx declare pid` function. This vulnerability can be exploited, but details about the estimated number of potentially affected devices or real-world incidents are not provided. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, consider disabling the `m2tsdmx declare pid` function as a temporary workaround until a patch is available. Restrict access to the filters/dmx m2ts.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a Null pointer dereference in the `m2tsdmx declare pid` function, located in `filters/dmx m2ts.c:343`. This problem can be exploited via the `m2tsdmx declare pid` function. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, consider disabling the `m2tsdmx declare pid` function as a temporary workaround until a patch is available. Restrict access to the `filters/dmx m2ts.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a buffer overflow in the `hevc parse vps extension` function of `media tools/av parsers.c`. This function is used for parsing video parameters, and the buffer overflow can occur due to improper handling of data. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, as a temporary workaround, consider disabling the `hevc parse vps extension` function until a patch is available. Restrict access to the `media tools/av parsers.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev593-g007bf61a0 **Description** The issue is related to a Buffer Overflow in the `eac3 update channels` function, located in the `media tools/av parsers.c` file at line 9113. This function is part of the GPAC MP4box software. **Recommendations** For GPAC MP4box version 2.1-DEV-rev593-g007bf61a0, consider disabling the `eac3 update channels` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev593-g007bf61a0 **Description** The issue is related to a Buffer Overflow in the `gf hevc read sps bs internal` function of `media tools/av parsers.c` at line 8261. This function is susceptible to a buffer overflow, which can lead to potential security issues. **Recommendations** For GPAC MP4box version 2.1-DEV-rev593-g007bf61a0, consider disabling the `gf hevc read sps bs internal` function as a temporary workaround until a patch is available. Restrict access to the `media tools/av parsers.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev617-g85ce76efd **Description** The issue is related to a Buffer Overflow in the `gf hevc read sps bs internal` function of `media tools/av parsers.c` at line 8273. **Recommendations** For GPAC MP4box version 2.1-DEV-rev617-g85ce76efd, consider disabling the `gf hevc read sps bs internal` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4Box version 2.1-DEV-rev644-g5c4df2a67 **Description** The issue is related to a buffer overflow in the `hevc parse vps extension` function, located in the `media tools/av parsers.c` file at line 7662. This buffer overflow can be exploited, potentially leading to security issues. **Recommendations** For GPAC MP4Box version 2.1-DEV-rev644-g5c4df2a67, consider disabling the `hevc parse vps extension` function as a temporary workaround until a patch is available. Restrict access to the `media tools/av parsers.c` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4Box version 2.1-DEV-rev644-g5c4df2a67 **Description** The issue is related to a buffer overflow in the `gf hevc read vps bs internal` function, located in the `media tools/av parsers.c` file at line 8039. This function is part of the GPAC MP4Box media processing tool. **Recommendations** For GPAC MP4Box version 2.1-DEV-rev644-g5c4df2a67, consider disabling the `gf hevc read vps bs internal` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev644-g5c4df2a67 **Description** The issue is related to a Buffer Overflow in the `gf bs read data` function. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For GPAC MP4box version 2.1-DEV-rev644-g5c4df2a67, at the moment, there is no information about a newer version that contains a fix for this vulnerability.