MP4Box
by Gpac
Source repositories
CVEs (112)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-55644 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55643 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55641 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A NULL pointer dereference in the gf_isom_copy_sample_info function (isomedia/isom_write.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55651 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2023-47384 | Med | 0.36 | 5.5 | 0.00 | Nov 14, 2023 | MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | ||
| CVE-2022-47662 | Med | 0.36 | 5.5 | 0.00 | Jan 5, 2023 | GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662 | ||
| CVE-2022-47086 | Med | 0.36 | 5.5 | 0.00 | Jan 5, 2023 | GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c | ||
| CVE-2021-40944 | Med | 0.36 | 5.5 | 0.01 | Jun 28, 2022 | In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS). | ||
| CVE-2021-40609 | Med | 0.36 | 5.5 | 0.01 | Jun 28, 2022 | The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | ||
| CVE-2021-40608 | Med | 0.36 | 5.5 | 0.01 | Jun 28, 2022 | The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | ||
| CVE-2021-40607 | Med | 0.36 | 5.5 | 0.01 | Jun 28, 2022 | The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | ||
| CVE-2021-40606 | Med | 0.36 | 5.5 | 0.01 | Jun 28, 2022 | The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | ||
| CVE-2021-40942 | Med | 0.36 | 5.5 | 0.01 | Jun 27, 2022 | In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS). | ||
| CVE-2021-41458 | Med | 0.36 | 5.5 | 0.01 | Jun 16, 2022 | In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability. | ||
| CVE-2022-27148 | Med | 0.36 | 5.5 | 0.01 | Apr 8, 2022 | GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. | ||
| CVE-2022-27147 | Med | 0.36 | 5.5 | 0.01 | Apr 8, 2022 | GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag. | ||
| CVE-2022-27146 | Med | 0.36 | 5.5 | 0.01 | Apr 8, 2022 | GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. | ||
| CVE-2022-27145 | Med | 0.36 | 5.5 | 0.01 | Apr 8, 2022 | GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box. | ||
| CVE-2022-24576 | Med | 0.36 | 5.5 | 0.01 | Mar 14, 2022 | GPAC 1.0.1 is affected by Use After Free through MP4Box. | ||
| CVE-2021-46313 | Med | 0.36 | 5.5 | 0.01 | Jan 21, 2022 | The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS). |
- risk 0.36cvss 5.5epss 0.00
A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A NULL pointer dereference in the gf_isom_copy_sample_info function (isomedia/isom_write.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662
- risk 0.36cvss 5.5epss 0.00
GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c
- risk 0.36cvss 5.5epss 0.01
In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS).
- risk 0.36cvss 5.5epss 0.01
The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
- risk 0.36cvss 5.5epss 0.01
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
- risk 0.36cvss 5.5epss 0.01
The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
- risk 0.36cvss 5.5epss 0.01
The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
- risk 0.36cvss 5.5epss 0.01
In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS).
- risk 0.36cvss 5.5epss 0.01
In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability.
- risk 0.36cvss 5.5epss 0.01
GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.
- risk 0.36cvss 5.5epss 0.01
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.
- risk 0.36cvss 5.5epss 0.01
GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.
- risk 0.36cvss 5.5epss 0.01
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.
- risk 0.36cvss 5.5epss 0.01
GPAC 1.0.1 is affected by Use After Free through MP4Box.
- risk 0.36cvss 5.5epss 0.01
The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS).
Page 3 of 6