MP4Box
by Gpac
Source repositories
CVEs (112)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-40574 | Hig | 0.00 | 7.8 | 0.01 | Jan 13, 2022 | The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||
| CVE-2021-40573 | Med | 0.00 | 5.5 | 0.01 | Jan 13, 2022 | The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service. | ||
| CVE-2021-40572 | Med | 0.00 | 5.5 | 0.01 | Jan 13, 2022 | The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service. | ||
| CVE-2021-40571 | Hig | 0.00 | 7.8 | 0.01 | Jan 13, 2022 | The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||
| CVE-2021-40570 | Hig | 0.00 | 7.8 | 0.01 | Jan 13, 2022 | The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||
| CVE-2021-40569 | Med | 0.00 | 5.5 | 0.01 | Jan 13, 2022 | The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service. | ||
| CVE-2021-40564 | Med | 0.00 | 5.5 | 0.01 | Jan 12, 2022 | A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service. | ||
| CVE-2021-40563 | Med | 0.00 | 5.5 | 0.01 | Jan 12, 2022 | A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service. | ||
| CVE-2020-25427 | Med | 0.00 | 5.5 | 0.01 | Jan 10, 2022 | A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service. | ||
| CVE-2021-33365 | Med | 0.00 | 5.5 | 0.01 | Sep 13, 2021 | Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | ||
| CVE-2021-33363 | Med | 0.00 | 5.5 | 0.01 | Sep 13, 2021 | Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | ||
| CVE-2021-33361 | Med | 0.00 | 5.5 | 0.01 | Sep 13, 2021 | Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | ||
| CVE-2021-32139 | Med | 0.00 | 5.5 | 0.01 | Sep 13, 2021 | The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | ||
| CVE-2021-32138 | Med | 0.00 | 5.5 | 0.01 | Sep 13, 2021 | The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | ||
| CVE-2021-33366 | Med | 0.00 | 5.5 | 0.01 | Sep 13, 2021 | Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | ||
| CVE-2021-33364 | Med | 0.00 | 5.5 | 0.01 | Sep 13, 2021 | Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | ||
| CVE-2021-33362 | Hig | 0.00 | 7.8 | 0.01 | Sep 13, 2021 | Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | ||
| CVE-2021-32132 | Med | 0.00 | 5.5 | 0.01 | Sep 13, 2021 | The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | ||
| CVE-2021-32137 | Med | 0.00 | 5.5 | 0.01 | Sep 13, 2021 | Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | ||
| CVE-2021-32134 | Med | 0.00 | 5.5 | 0.01 | Sep 13, 2021 | The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. |
- risk 0.00cvss 7.8epss 0.01
The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
- risk 0.00cvss 5.5epss 0.01
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.
- risk 0.00cvss 5.5epss 0.01
The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.
- risk 0.00cvss 7.8epss 0.01
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
- risk 0.00cvss 7.8epss 0.01
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
- risk 0.00cvss 5.5epss 0.01
The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service.
- risk 0.00cvss 5.5epss 0.01
A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service.
- risk 0.00cvss 5.5epss 0.01
A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service.
- risk 0.00cvss 5.5epss 0.01
A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.
- risk 0.00cvss 5.5epss 0.01
Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
- risk 0.00cvss 5.5epss 0.01
Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
- risk 0.00cvss 5.5epss 0.01
Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
- risk 0.00cvss 5.5epss 0.01
The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- risk 0.00cvss 5.5epss 0.01
The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- risk 0.00cvss 5.5epss 0.01
Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
- risk 0.00cvss 5.5epss 0.01
Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
- risk 0.00cvss 7.8epss 0.01
Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
- risk 0.00cvss 5.5epss 0.01
The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- risk 0.00cvss 5.5epss 0.01
Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
- risk 0.00cvss 5.5epss 0.01
The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
Page 5 of 6