Gpac
by Gpac
Source repositories
CVEs (414)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-43045 | 0.00 | — | 0.00 | Oct 19, 2022 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c. | |||
| CVE-2022-3222 | 0.00 | — | 0.01 | Sep 15, 2022 | Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. | |||
| CVE-2022-3178 | 0.00 | — | 0.00 | Sep 12, 2022 | Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. | |||
| CVE-2022-38530 | 0.00 | — | 0.00 | Sep 6, 2022 | GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD. | |||
| CVE-2022-36186 | 0.00 | — | 0.01 | Aug 17, 2022 | A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250,which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1. | |||
| CVE-2022-36190 | 0.00 | — | 0.01 | Aug 17, 2022 | GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242. | |||
| CVE-2022-2549 | 0.00 | — | 0.00 | Jul 27, 2022 | NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV. | |||
| CVE-2022-2453 | 0.00 | — | 0.00 | Jul 19, 2022 | Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV. | |||
| CVE-2022-2454 | 0.00 | — | 0.00 | Jul 19, 2022 | Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV. | |||
| CVE-2021-40607 | 0.00 | — | 0.01 | Jun 28, 2022 | The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | |||
| CVE-2021-40606 | 0.00 | — | 0.01 | Jun 28, 2022 | The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | |||
| CVE-2021-40944 | 0.00 | — | 0.01 | Jun 28, 2022 | In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS). | |||
| CVE-2021-40608 | 0.00 | — | 0.01 | Jun 28, 2022 | The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | |||
| CVE-2021-40609 | 0.00 | — | 0.01 | Jun 28, 2022 | The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | |||
| CVE-2021-40942 | 0.00 | — | 0.01 | Jun 27, 2022 | In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS). | |||
| CVE-2021-41458 | 0.00 | — | 0.01 | Jun 16, 2022 | In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability. | |||
| CVE-2021-40592 | 0.00 | — | 0.01 | Jun 8, 2022 | GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To… | |||
| CVE-2022-30976 | 0.00 | — | 0.01 | May 18, 2022 | GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box. | |||
| CVE-2022-1795 | 0.00 | — | 0.01 | May 18, 2022 | Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. | |||
| CVE-2022-29340 | 0.00 | — | 0.01 | May 5, 2022 | GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad. |
- CVE-2022-43045Oct 19, 2022risk 0.00cvss —epss 0.00
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.
- CVE-2022-3222Sep 15, 2022risk 0.00cvss —epss 0.01
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.
- CVE-2022-3178Sep 12, 2022risk 0.00cvss —epss 0.00
Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.
- CVE-2022-38530Sep 6, 2022risk 0.00cvss —epss 0.00
GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD.
- CVE-2022-36186Aug 17, 2022risk 0.00cvss —epss 0.01
A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250,which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1.
- CVE-2022-36190Aug 17, 2022risk 0.00cvss —epss 0.01
GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.
- CVE-2022-2549Jul 27, 2022risk 0.00cvss —epss 0.00
NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV.
- CVE-2022-2453Jul 19, 2022risk 0.00cvss —epss 0.00
Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.
- CVE-2022-2454Jul 19, 2022risk 0.00cvss —epss 0.00
Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV.
- CVE-2021-40607Jun 28, 2022risk 0.00cvss —epss 0.01
The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
- CVE-2021-40606Jun 28, 2022risk 0.00cvss —epss 0.01
The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
- CVE-2021-40944Jun 28, 2022risk 0.00cvss —epss 0.01
In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS).
- CVE-2021-40608Jun 28, 2022risk 0.00cvss —epss 0.01
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
- CVE-2021-40609Jun 28, 2022risk 0.00cvss —epss 0.01
The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
- CVE-2021-40942Jun 27, 2022risk 0.00cvss —epss 0.01
In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS).
- CVE-2021-41458Jun 16, 2022risk 0.00cvss —epss 0.01
In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability.
- CVE-2021-40592Jun 8, 2022risk 0.00cvss —epss 0.01
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To…
- CVE-2022-30976May 18, 2022risk 0.00cvss —epss 0.01
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.
- CVE-2022-1795May 18, 2022risk 0.00cvss —epss 0.01
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.
- CVE-2022-29340May 5, 2022risk 0.00cvss —epss 0.01
GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.
Page 10 of 21