Filtered by vendor Gpac
Subscribe
Total
348 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47656 | 1 Gpac | 1 Gpac | 2025-04-09 | N/A | 7.8 HIGH |
| GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273 | |||||
| CVE-2022-47095 | 1 Gpac | 1 Gpac | 2025-04-09 | N/A | 7.8 HIGH |
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c | |||||
| CVE-2023-23145 | 1 Gpac | 1 Gpac | 2025-04-03 | N/A | 7.8 HIGH |
| GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function. | |||||
| CVE-2023-23144 | 1 Gpac | 1 Gpac | 2025-04-03 | N/A | 5.5 MEDIUM |
| Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master. | |||||
| CVE-2023-23143 | 1 Gpac | 1 Gpac | 2025-04-03 | N/A | 7.8 HIGH |
| Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master. | |||||
| CVE-2021-44923 | 1 Gpac | 1 Gpac | 2025-03-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash. | |||||
| CVE-2019-12483 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2025-03-14 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box. | |||||
| CVE-2019-12482 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2025-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box. | |||||
| CVE-2019-12481 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2025-03-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box. | |||||
| CVE-2021-40574 | 1 Gpac | 1 Gpac | 2025-03-05 | 6.8 MEDIUM | 7.8 HIGH |
| The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | |||||
| CVE-2021-30022 | 1 Gpac | 1 Gpac | 2025-03-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash. | |||||
| CVE-2021-30014 | 1 Gpac | 1 Gpac | 2025-03-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash. | |||||
| CVE-2020-24829 | 1 Gpac | 1 Gpac | 2025-03-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file. | |||||
| CVE-2019-20208 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2025-03-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow. | |||||
| CVE-2019-20171 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2025-03-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in GPAC version 0.5.2 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c. | |||||
| CVE-2024-50664 | 1 Gpac | 1 Gpac | 2025-02-11 | N/A | 7.8 HIGH |
| gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box. | |||||
| CVE-2024-50665 | 1 Gpac | 1 Gpac | 2025-02-11 | N/A | 5.5 MEDIUM |
| gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box. | |||||
| CVE-2024-6064 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is f4b3e4d2f91bc1749e7a924a8ab171af03a355a8/c1b9c794bad8f262c56f3cf690567980d96662f5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-268792. | |||||
| CVE-2024-6063 | 1 Gpac | 1 Gpac | 2024-11-21 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8767ed0a77c4b02287db3723e92c2169f67c85d5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-268791. | |||||
| CVE-2024-6062 | 1 Gpac | 1 Gpac | 2024-11-21 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 31e499d310a48bd17c8b055a0bfe0fe35887a7cd. It is recommended to apply a patch to fix this issue. VDB-268790 is the identifier assigned to this vulnerability. | |||||