VYPR

MP4Box

by Gpac

Source repositories

CVEs (112)

  • CVE-2021-46239MedJan 21, 2022
    risk 0.36cvss 5.5epss 0.01

    The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-45292MedDec 21, 2021
    risk 0.36cvss 5.5epss 0.01

    The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.

  • CVE-2021-45291MedDec 21, 2021
    risk 0.36cvss 5.5epss 0.01

    The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.

  • CVE-2020-22679MedOct 12, 2021
    risk 0.36cvss 5.5epss 0.01

    Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.

  • CVE-2020-22673MedOct 12, 2021
    risk 0.36cvss 5.5epss 0.01

    Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.

  • CVE-2023-46871MedDec 7, 2023
    risk 0.35cvss 5.3epss 0.01

    GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service.

  • CVE-2025-60477MedJun 3, 2026
    risk 0.26cvss 5.0epss 0.00

    A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.

  • CVE-2026-15185Jul 10, 2026
    risk 0.00cvss epss 0.00

    A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub_read_idx of the file /src/media_tools/vobsub.c of the component MP4Box. Executing a manipulation of the argument num_langs can lead to out-of-bounds read. The attack needs to be launched locally.…

  • CVE-2025-60464Jun 28, 2026
    risk 0.00cvss epss 0.00

    A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 TS file.

  • CVE-2025-60465Jun 28, 2026
    risk 0.00cvss epss 0.00

    A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file.

  • CVE-2025-60467Jun 24, 2026
    risk 0.00cvss epss 0.01

    A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file.

  • CVE-2024-57184MedJan 24, 2025
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.

  • CVE-2024-6064MedJun 17, 2024
    risk 0.00cvss 5.3epss 0.00

    A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local…

  • CVE-2024-6063LowJun 17, 2024
    risk 0.00cvss 3.3epss 0.00

    A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to…

  • CVE-2024-6062LowJun 17, 2024
    risk 0.00cvss 3.3epss 0.00

    A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The…

  • CVE-2024-6061LowJun 17, 2024
    risk 0.00cvss 3.3epss 0.00

    A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is…

  • CVE-2023-46001MedNov 7, 2023
    risk 0.00cvss 5.5epss 0.00

    Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.

  • CVE-2022-1441HigApr 25, 2022
    risk 0.00cvss 7.8epss 0.01

    MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content…

  • CVE-2021-40576MedJan 13, 2022
    risk 0.00cvss 5.5epss 0.01

    The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service.

  • CVE-2021-40575MedJan 13, 2022
    risk 0.00cvss 5.5epss 0.01

    The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566.

Page 4 of 6