VYPR

MP4Box

by Gpac

Source repositories

CVEs (112)

  • CVE-2025-55644MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55643MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55641MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference in the gf_isom_copy_sample_info function (isomedia/isom_write.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55651MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2023-47384MedNov 14, 2023
    risk 0.36cvss 5.5epss 0.00

    MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

  • CVE-2022-47662MedJan 5, 2023
    risk 0.36cvss 5.5epss 0.00

    GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662

  • CVE-2022-47086MedJan 5, 2023
    risk 0.36cvss 5.5epss 0.00

    GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c

  • CVE-2021-40944MedJun 28, 2022
    risk 0.36cvss 5.5epss 0.01

    In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS).

  • CVE-2021-40609MedJun 28, 2022
    risk 0.36cvss 5.5epss 0.01

    The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.

  • CVE-2021-40608MedJun 28, 2022
    risk 0.36cvss 5.5epss 0.01

    The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.

  • CVE-2021-40607MedJun 28, 2022
    risk 0.36cvss 5.5epss 0.01

    The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.

  • CVE-2021-40606MedJun 28, 2022
    risk 0.36cvss 5.5epss 0.01

    The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.

  • CVE-2021-40942MedJun 27, 2022
    risk 0.36cvss 5.5epss 0.01

    In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS).

  • CVE-2021-41458MedJun 16, 2022
    risk 0.36cvss 5.5epss 0.01

    In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability.

  • CVE-2022-27148MedApr 8, 2022
    risk 0.36cvss 5.5epss 0.01

    GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.

  • CVE-2022-27147MedApr 8, 2022
    risk 0.36cvss 5.5epss 0.01

    GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.

  • CVE-2022-27146MedApr 8, 2022
    risk 0.36cvss 5.5epss 0.01

    GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.

  • CVE-2022-27145MedApr 8, 2022
    risk 0.36cvss 5.5epss 0.01

    GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.

  • CVE-2022-24576MedMar 14, 2022
    risk 0.36cvss 5.5epss 0.01

    GPAC 1.0.1 is affected by Use After Free through MP4Box.

  • CVE-2021-46313MedJan 21, 2022
    risk 0.36cvss 5.5epss 0.01

    The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS).

Page 3 of 6