VYPR

MP4Box

by Gpac

Source repositories

CVEs (112)

  • CVE-2021-40574HigJan 13, 2022
    risk 0.00cvss 7.8epss 0.01

    The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

  • CVE-2021-40573MedJan 13, 2022
    risk 0.00cvss 5.5epss 0.01

    The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.

  • CVE-2021-40572MedJan 13, 2022
    risk 0.00cvss 5.5epss 0.01

    The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.

  • CVE-2021-40571HigJan 13, 2022
    risk 0.00cvss 7.8epss 0.01

    The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

  • CVE-2021-40570HigJan 13, 2022
    risk 0.00cvss 7.8epss 0.01

    The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

  • CVE-2021-40569MedJan 13, 2022
    risk 0.00cvss 5.5epss 0.01

    The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service.

  • CVE-2021-40564MedJan 12, 2022
    risk 0.00cvss 5.5epss 0.01

    A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service.

  • CVE-2021-40563MedJan 12, 2022
    risk 0.00cvss 5.5epss 0.01

    A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service.

  • CVE-2020-25427MedJan 10, 2022
    risk 0.00cvss 5.5epss 0.01

    A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.

  • CVE-2021-33365MedSep 13, 2021
    risk 0.00cvss 5.5epss 0.01

    Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

  • CVE-2021-33363MedSep 13, 2021
    risk 0.00cvss 5.5epss 0.01

    Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

  • CVE-2021-33361MedSep 13, 2021
    risk 0.00cvss 5.5epss 0.01

    Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

  • CVE-2021-32139MedSep 13, 2021
    risk 0.00cvss 5.5epss 0.01

    The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

  • CVE-2021-32138MedSep 13, 2021
    risk 0.00cvss 5.5epss 0.01

    The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

  • CVE-2021-33366MedSep 13, 2021
    risk 0.00cvss 5.5epss 0.01

    Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

  • CVE-2021-33364MedSep 13, 2021
    risk 0.00cvss 5.5epss 0.01

    Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

  • CVE-2021-33362HigSep 13, 2021
    risk 0.00cvss 7.8epss 0.01

    Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

  • CVE-2021-32132MedSep 13, 2021
    risk 0.00cvss 5.5epss 0.01

    The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

  • CVE-2021-32137MedSep 13, 2021
    risk 0.00cvss 5.5epss 0.01

    Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

  • CVE-2021-32134MedSep 13, 2021
    risk 0.00cvss 5.5epss 0.01

    The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Page 5 of 6