Source: gpac Version: 2.2.1+dfsg1-3 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://github.com/gpac/gpac/issues/2550 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for gpac. CVE-2023-41000[0]: | GPAC through 2.2.1 has a use-after-free vulnerability in the | function gf_bifs_flush_command_list in bifs/memory_decoder.c. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-41000 https://www.cve.org/CVERecord?id=CVE-2023-41000 [1] https://github.com/gpac/gpac/issues/2550 [2] https://github.com/gpac/gpac/commit/0018b5e4e07a1465287e7dff69b387929f5a75fa Please adjust the affected versions in the BTS as needed. Regards, Salvatore
