VYPR

Gpac

by Gpac

Source repositories

CVEs (414)

  • CVE-2018-13005CriJun 29, 2018
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.

  • CVE-2018-1000100HigMar 6, 2018
    risk 0.51cvss 7.8epss 0.01

    GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run…

  • CVE-2025-55657HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-52292HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.01

    A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2022-47090HigJan 24, 2025
    risk 0.44cvss 7.8epss 0.00

    GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c, check needed for num_exp_tile_columns

  • CVE-2025-55642MedJun 15, 2026
    risk 0.42cvss 6.5epss 0.00

    GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmx_process function (isomedia/isom_write.c).

  • CVE-2025-55659MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55658MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

  • CVE-2025-55652MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55650MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55649MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55648MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55647MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55645MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55644MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55643MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55641MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference in the gf_isom_copy_sample_info function (isomedia/isom_write.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55651MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2026-4185MedMar 16, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow.…

  • CVE-2026-4016MedMar 12, 2026
    risk 0.34cvss 5.3epss 0.00

    A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipulation leads to out-of-bounds write. Local access is required to approach this…

Page 1 of 21