A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsubreadidx of the file /src/mediatools/vobsub.c of the component MP4Box. Executing a manipulation of the argument numlangs can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called 532097084729a936bcdf6a27c41003f3bd7dc3ff. It is best practice to apply a patch to resolve this issue. Two different commits were applied to fix this issue.
{
"binaries": [
{
"binary_name": "gpac",
"binary_version": "0.5.0+svn4288~dfsg1-4ubuntu1+esm2"
},
{
"binary_name": "gpac-modules-base",
"binary_version": "0.5.0+svn4288~dfsg1-4ubuntu1+esm2"
},
{
"binary_name": "libgpac2",
"binary_version": "0.5.0+svn4288~dfsg1-4ubuntu1+esm2"
}
]
}{
"binaries": [
{
"binary_name": "gpac",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2"
},
{
"binary_name": "gpac-modules-base",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2"
},
{
"binary_name": "libgpac4",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2"
}
]
}{
"binaries": [
{
"binary_name": "gpac",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1"
},
{
"binary_name": "gpac-modules-base",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1"
},
{
"binary_name": "libgpac4",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1"
}
]
}{
"binaries": [
{
"binary_name": "gpac",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2"
},
{
"binary_name": "gpac-modules-base",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2"
},
{
"binary_name": "libgpac4",
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2"
}
]
}