Gpac
Products
2- 414 CVEs
- 23 CVEs
Recent CVEs
420| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-13005 | Cri | 0.64 | 9.8 | 0.03 | Jun 29, 2018 | An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read. | ||
| CVE-2018-1000100 | Hig | 0.51 | 7.8 | 0.01 | Mar 6, 2018 | GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run… | ||
| CVE-2025-55657 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-52293 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data. | ||
| CVE-2025-52292 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2026 | A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2022-47090 | Hig | 0.44 | 7.8 | 0.00 | Jan 24, 2025 | GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c, check needed for num_exp_tile_columns | ||
| CVE-2025-55642 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmx_process function (isomedia/isom_write.c). | ||
| CVE-2025-55659 | Med | 0.42 | 6.5 | 0.00 | Jun 9, 2026 | A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55658 | Med | 0.42 | 6.5 | 0.00 | Jun 9, 2026 | GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | ||
| CVE-2025-55663 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55661 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55660 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55652 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55650 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55649 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55648 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55647 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55645 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55644 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55643 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. |
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.
- risk 0.51cvss 7.8epss 0.01
GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run…
- risk 0.49cvss 7.5epss 0.00
A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.49cvss 7.5epss 0.00
A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.
- risk 0.49cvss 7.5epss 0.01
A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.44cvss 7.8epss 0.00
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c, check needed for num_exp_tile_columns
- risk 0.42cvss 6.5epss 0.00
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmx_process function (isomedia/isom_write.c).
- risk 0.42cvss 6.5epss 0.00
A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.42cvss 6.5epss 0.00
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.