VYPR

Gpac

by Gpac

CVEs (414)

  • CVE-2026-4015 | Med | Mar 12, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the…

  • CVE-2026-33144 | Med | Mar 20, 2026
    risk 0.31 | cvss 5.8 | epss 0.00

    GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gf_xml_parse_bit_sequence_bs function in utils/xml_bin_custom.c when processing a crafted NHML…

  • CVE-2025-60495 | Med | Jun 1, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    A segmentation violation in the gf_media_get_color_info function (/media_tools/isom_tools.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted data file.

  • CVE-2025-60486 | Med | Jun 1, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 file.

  • CVE-2025-60485 | Med | Jun 1, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-60483 | Med | Jun 1, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    A NULL pointer dereference in the gf_ac4_pres_b_4_back_channels_present function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.

  • CVE-2025-60481 | Med | Jun 1, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.

  • CVE-2025-55664 | Med | Jun 1, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    A heap buffer overflow in the m2tsdmx_send_packet function (filters/dmx_m2ts.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2026-39103 | Med | May 5, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_strings(), gf_svg_parse_attribute()

  • CVE-2025-70116 | Med | May 27, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields (e.g., codec/mime/profile strings). gf_media_map_esd then calls strlen() on a NULL pointer, triggering a crash (ASan SEGV).

  • CVE-2026-7135 | Med | Apr 27, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the component MP4Box. Performing a manipulation of the argument elng results in…

  • CVE-2026-1418 | Med | Jan 26, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. The attack needs to be performed…

  • CVE-2025-60477 | Med | Jun 3, 2026
    risk 0.26 | cvss 5.0 | epss 0.00

    A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.

  • CVE-2026-11478 | Low | Jun 8, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is…

  • CVE-2026-10215 | Med | Jun 1, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/api_holidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The…

  • CVE-2026-9572 | Low | May 26, 2026
    risk 0.14 | cvss 3.3 | epss 0.00

    A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a…

  • CVE-2026-9567 | Low | May 26, 2026
    risk 0.14 | cvss 3.3 | epss 0.00

    A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been…

  • CVE-2026-8124 | Low | May 8, 2026
    risk 0.14 | cvss 3.3 | epss 0.00

    A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly…

  • CVE-2026-1417 | Low | Jan 26, 2026
    risk 0.14 | cvss 3.3 | epss 0.00

    A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been made available to…

  • CVE-2026-1416 | Low | Jan 26, 2026
    risk 0.14 | cvss 3.3 | epss 0.00

    A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit…
