VYPR

Gpac

by Gpac

Source repositories

CVEs (414)

  • CVE-2020-35980Apr 21, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.

  • CVE-2021-30014Apr 19, 2021
    risk 0.00cvss epss 0.01

    There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash.

  • CVE-2021-30020Apr 19, 2021
    risk 0.00cvss epss 0.01

    In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop.

  • CVE-2021-30199Apr 19, 2021
    risk 0.00cvss epss 0.01

    In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash.

  • CVE-2021-30022Apr 19, 2021
    risk 0.00cvss epss 0.01

    There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash.

  • CVE-2021-30015Apr 19, 2021
    risk 0.00cvss epss 0.01

    There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal.

  • CVE-2021-29279Apr 19, 2021
    risk 0.00cvss epss 0.01

    There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative number. In result, memcpy in gf_props_assign_value failed.

  • CVE-2021-30019Apr 19, 2021
    risk 0.00cvss epss 0.01

    In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy.

  • CVE-2021-31258Apr 19, 2021
    risk 0.00cvss epss 0.01

    The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

  • CVE-2021-31262Apr 19, 2021
    risk 0.00cvss epss 0.01

    The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

  • CVE-2021-31257Apr 19, 2021
    risk 0.00cvss epss 0.01

    The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

  • CVE-2021-31259Apr 19, 2021
    risk 0.00cvss epss 0.01

    The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

  • CVE-2021-31254Apr 19, 2021
    risk 0.00cvss epss 0.01

    Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes.

  • CVE-2021-31255Apr 19, 2021
    risk 0.00cvss epss 0.01

    Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

  • CVE-2021-31256Apr 19, 2021
    risk 0.00cvss epss 0.01

    Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

  • CVE-2021-31261Apr 19, 2021
    risk 0.00cvss epss 0.01

    The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.

  • CVE-2021-31260Apr 19, 2021
    risk 0.00cvss epss 0.01

    The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

  • CVE-2021-28300Apr 14, 2021
    risk 0.00cvss epss 0.02

    NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.

  • CVE-2020-11558Apr 5, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read,…

  • CVE-2019-20628Mar 24, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.