Gpac
by Gpac
Source repositories
CVEs (414)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32270 | 0.00 | — | 0.01 | Sep 20, 2021 | An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service. | |||
| CVE-2021-32269 | 0.00 | — | 0.01 | Sep 20, 2021 | An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service. | |||
| CVE-2021-32139 | 0.00 | — | 0.01 | Sep 13, 2021 | The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-32138 | 0.00 | — | 0.01 | Sep 13, 2021 | The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-33362 | 0.00 | — | 0.01 | Sep 13, 2021 | Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | |||
| CVE-2021-32132 | 0.00 | — | 0.01 | Sep 13, 2021 | The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-32135 | 0.00 | — | 0.01 | Sep 13, 2021 | The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-32137 | 0.00 | — | 0.01 | Sep 13, 2021 | Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | |||
| CVE-2021-32134 | 0.00 | — | 0.01 | Sep 13, 2021 | The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-32136 | 0.00 | — | 0.01 | Sep 13, 2021 | Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | |||
| CVE-2021-33364 | 0.00 | — | 0.01 | Sep 13, 2021 | Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | |||
| CVE-2021-33363 | 0.00 | — | 0.01 | Sep 13, 2021 | Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | |||
| CVE-2021-33361 | 0.00 | — | 0.01 | Sep 13, 2021 | Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | |||
| CVE-2021-33365 | 0.00 | — | 0.01 | Sep 13, 2021 | Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | |||
| CVE-2021-33366 | 0.00 | — | 0.01 | Sep 13, 2021 | Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | |||
| CVE-2020-19751 | 0.00 | — | 0.01 | Sep 7, 2021 | An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read. | |||
| CVE-2020-19750 | 0.00 | — | 0.01 | Sep 7, 2021 | An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read. | |||
| CVE-2021-21850 | 0.00 | — | 0.02 | Aug 25, 2021 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC… | |||
| CVE-2021-21848 | 0.00 | — | 0.02 | Aug 25, 2021 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2”… | |||
| CVE-2021-21849 | 0.00 | — | 0.02 | Aug 25, 2021 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC… |
- CVE-2021-32270Sep 20, 2021risk 0.00cvss —epss 0.01
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service.
- CVE-2021-32269Sep 20, 2021risk 0.00cvss —epss 0.01
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service.
- CVE-2021-32139Sep 13, 2021risk 0.00cvss —epss 0.01
The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2021-32138Sep 13, 2021risk 0.00cvss —epss 0.01
The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2021-33362Sep 13, 2021risk 0.00cvss —epss 0.01
Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
- CVE-2021-32132Sep 13, 2021risk 0.00cvss —epss 0.01
The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2021-32135Sep 13, 2021risk 0.00cvss —epss 0.01
The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2021-32137Sep 13, 2021risk 0.00cvss —epss 0.01
Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
- CVE-2021-32134Sep 13, 2021risk 0.00cvss —epss 0.01
The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2021-32136Sep 13, 2021risk 0.00cvss —epss 0.01
Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
- CVE-2021-33364Sep 13, 2021risk 0.00cvss —epss 0.01
Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
- CVE-2021-33363Sep 13, 2021risk 0.00cvss —epss 0.01
Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
- CVE-2021-33361Sep 13, 2021risk 0.00cvss —epss 0.01
Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
- CVE-2021-33365Sep 13, 2021risk 0.00cvss —epss 0.01
Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
- CVE-2021-33366Sep 13, 2021risk 0.00cvss —epss 0.01
Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
- CVE-2020-19751Sep 7, 2021risk 0.00cvss —epss 0.01
An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.
- CVE-2020-19750Sep 7, 2021risk 0.00cvss —epss 0.01
An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.
- CVE-2021-21850Aug 25, 2021risk 0.00cvss —epss 0.02
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC…
- CVE-2021-21848Aug 25, 2021risk 0.00cvss —epss 0.02
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2”…
- CVE-2021-21849Aug 25, 2021risk 0.00cvss —epss 0.02
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC…
Page 16 of 21