MP4Box
by Gpac
Source repositories
CVEs (112)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32136 | Hig | 0.00 | 7.8 | 0.01 | Sep 13, 2021 | Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | ||
| CVE-2021-32440 | Med | 0.00 | 5.5 | 0.01 | Aug 11, 2021 | The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | ||
| CVE-2021-32439 | Hig | 0.00 | 7.8 | 0.01 | Aug 11, 2021 | Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | ||
| CVE-2021-32438 | Med | 0.00 | 5.5 | 0.01 | Aug 11, 2021 | The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | ||
| CVE-2021-32437 | Med | 0.00 | 5.5 | 0.01 | Aug 11, 2021 | The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | ||
| CVE-2020-19488 | Med | 0.00 | 5.5 | 0.01 | Jul 21, 2021 | An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, allows attackers to cause a Denial of Service due to an invalid read on function ilst_item_Read. | ||
| CVE-2020-19481 | Med | 0.00 | 5.5 | 0.01 | Jul 21, 2021 | An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | ||
| CVE-2021-31259 | Med | 0.00 | 5.5 | 0.01 | Apr 19, 2021 | The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | ||
| CVE-2021-31256 | Med | 0.00 | 5.5 | 0.01 | Apr 19, 2021 | Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | ||
| CVE-2021-31255 | Hig | 0.00 | 7.8 | 0.01 | Apr 19, 2021 | Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | ||
| CVE-2021-31254 | Hig | 0.00 | 7.8 | 0.01 | Apr 19, 2021 | Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes. | ||
| CVE-2018-20762 | Hig | 0.00 | 7.8 | 0.01 | Feb 6, 2019 | GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames. |
- risk 0.00cvss 7.8epss 0.01
Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
- risk 0.00cvss 5.5epss 0.01
The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- risk 0.00cvss 7.8epss 0.01
Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
- risk 0.00cvss 5.5epss 0.01
The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- risk 0.00cvss 5.5epss 0.01
The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- risk 0.00cvss 5.5epss 0.01
An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, allows attackers to cause a Denial of Service due to an invalid read on function ilst_item_Read.
- risk 0.00cvss 5.5epss 0.01
An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
- risk 0.00cvss 5.5epss 0.01
The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- risk 0.00cvss 5.5epss 0.01
Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
- risk 0.00cvss 7.8epss 0.01
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
- risk 0.00cvss 7.8epss 0.01
Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes.
- risk 0.00cvss 7.8epss 0.01
GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.
Page 6 of 6