VYPR
Vendor

Gpac

Products
2
CVEs
420
Across products
437
Status
Private

Products

2

Recent CVEs

420
View all 420 CVEs →
  • CVE-2018-13005CriJun 29, 2018
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.

  • CVE-2018-1000100HigMar 6, 2018
    risk 0.51cvss 7.8epss 0.01

    GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run…

  • CVE-2025-55657HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-52293HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.

  • CVE-2025-52292HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.01

    A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2022-47090HigJan 24, 2025
    risk 0.44cvss 7.8epss 0.00

    GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c, check needed for num_exp_tile_columns

  • CVE-2025-55642MedJun 15, 2026
    risk 0.42cvss 6.5epss 0.00

    GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmx_process function (isomedia/isom_write.c).

  • CVE-2025-55659MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55658MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

  • CVE-2025-55663MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55661MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55660MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55652MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55650MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55649MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55648MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55647MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55645MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55644MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55643MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.