VYPR

Gpac

by Gpac

Source repositories

CVEs (414)

  • CVE-2025-70310Jan 15, 2026
    risk 0.00cvss epss 0.00

    A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file.

  • CVE-2025-7797Jul 18, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The…

  • CVE-2025-25723Feb 28, 2025
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code.

  • CVE-2024-57184Jan 24, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.

  • CVE-2024-50665Jan 23, 2025
    risk 0.00cvss epss 0.00

    gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box.

  • CVE-2024-50664Jan 23, 2025
    risk 0.00cvss epss 0.00

    gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box.

  • CVE-2023-4679Nov 15, 2024
    risk 0.00cvss epss 0.00

    A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash.

  • CVE-2024-6064Jun 17, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local…

  • CVE-2024-6063Jun 17, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to…

  • CVE-2024-6062Jun 17, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The…

  • CVE-2024-6061Jun 17, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is…

  • CVE-2024-28318Mar 15, 2024
    risk 0.00cvss epss 0.01

    gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325

  • CVE-2024-28319Mar 15, 2024
    risk 0.00cvss epss 0.00

    gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374

  • CVE-2023-46427Mar 9, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer deference in gf_dash_setup_period component in…

  • CVE-2023-46426Mar 9, 2024
    risk 0.00cvss epss 0.01

    Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via gf_fwrite component in at utils/os_file.c.

  • CVE-2024-24267Feb 5, 2024
    risk 0.00cvss epss 0.02

    gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.

  • CVE-2024-24265Feb 5, 2024
    risk 0.00cvss epss 0.01

    gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.

  • CVE-2024-24266Feb 5, 2024
    risk 0.00cvss epss 0.01

    gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.

  • CVE-2024-22749Jan 25, 2024
    risk 0.00cvss epss 0.01

    GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577

  • CVE-2023-50120Jan 10, 2024
    risk 0.00cvss epss 0.00

    MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Page 4 of 21