Vendor CVEs
Gpac
All CVEs
420 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-60467 | 0.00 | — | 0.01 | Jun 24, 2026 | A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file. | |||
| CVE-2025-60468 | 0.00 | — | 0.00 | Jun 24, 2026 | GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service (local). The component is: filter_core/filter_pid.c (L:574-580): function gf_filter_pid_inst_swap_delete_task()… | |||
| CVE-2025-60471 | 0.00 | — | 0.00 | Jun 24, 2026 | A use-after-free in the gf_filter_pid_reconfigure_task_discard function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file. | |||
| CVE-2025-60466 | 0.00 | — | 0.00 | Jun 24, 2026 | A use-after-free in the gf_filter_pid_get_packet function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file. | |||
| CVE-2025-60473 | 0.00 | — | 0.00 | Jun 24, 2026 | A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file. | |||
| CVE-2025-55639 | 0.00 | — | 0.00 | Jun 23, 2026 | GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gf_isom_add_track_kind() function at isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | |||
| CVE-2026-27821 | 0.00 | — | 0.00 | Feb 26, 2026 | GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/filters/dmx_nhml.c`. The value of the xmlHeaderEnd XML attribute is copied from att->value into szXmlHeaderEnd[1000] using… | |||
| CVE-2025-70305 | 0.00 | — | 0.00 | Jan 15, 2026 | A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file. | |||
| CVE-2025-70303 | 0.00 | — | 0.00 | Jan 15, 2026 | A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | |||
| CVE-2025-70298 | 0.00 | — | 0.00 | Jan 15, 2026 | GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function. | |||
| CVE-2025-70310 | 0.00 | — | 0.00 | Jan 15, 2026 | A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file. | |||
| CVE-2025-70309 | 0.00 | — | 0.00 | Jan 15, 2026 | A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file. | |||
| CVE-2025-70304 | 0.00 | — | 0.00 | Jan 15, 2026 | A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||
| CVE-2025-70302 | 0.00 | — | 0.00 | Jan 15, 2026 | A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2025-70308 | 0.00 | — | 0.00 | Jan 15, 2026 | An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file. | |||
| CVE-2025-70299 | 0.00 | — | 0.00 | Jan 15, 2026 | A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file. | |||
| CVE-2025-70307 | 0.00 | — | 0.00 | Jan 15, 2026 | A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||
| CVE-2025-7797 | 0.00 | — | 0.01 | Jul 18, 2025 | A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The… | |||
| CVE-2025-25723 | 0.00 | — | 0.00 | Feb 28, 2025 | Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code. | |||
| CVE-2024-57184 | 0.00 | — | 0.00 | Jan 24, 2025 | An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file. | |||
| CVE-2024-50665 | 0.00 | — | 0.00 | Jan 23, 2025 | gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box. | |||
| CVE-2024-50664 | 0.00 | — | 0.00 | Jan 23, 2025 | gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box. | |||
| CVE-2023-4679 | 0.00 | — | 0.00 | Nov 15, 2024 | A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash. | |||
| CVE-2024-6064 | 0.00 | — | 0.00 | Jun 17, 2024 | A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local… | |||
| CVE-2024-6063 | 0.00 | — | 0.00 | Jun 17, 2024 | A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to… | |||
| CVE-2024-6062 | 0.00 | — | 0.00 | Jun 17, 2024 | A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The… | |||
| CVE-2024-6061 | 0.00 | — | 0.00 | Jun 17, 2024 | A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is… | |||
| CVE-2024-28318 | 0.00 | — | 0.01 | Mar 15, 2024 | gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325 | |||
| CVE-2024-28319 | 0.00 | — | 0.00 | Mar 15, 2024 | gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374 | |||
| CVE-2023-46426 | 0.00 | — | 0.01 | Mar 9, 2024 | Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via gf_fwrite component in at utils/os_file.c. | |||
| CVE-2023-46427 | 0.00 | — | 0.01 | Mar 9, 2024 | An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer deference in gf_dash_setup_period component in… | |||
| CVE-2024-24267 | 0.00 | — | 0.02 | Feb 5, 2024 | gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function. | |||
| CVE-2024-24266 | 0.00 | — | 0.01 | Feb 5, 2024 | gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c. | |||
| CVE-2024-24265 | 0.00 | — | 0.01 | Feb 5, 2024 | gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function. | |||
| CVE-2024-22749 | 0.00 | — | 0.01 | Jan 25, 2024 | GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577 | |||
| CVE-2023-50120 | 0.00 | — | 0.00 | Jan 10, 2024 | MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | |||
| CVE-2024-0322 | 0.00 | — | 0.01 | Jan 8, 2024 | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. | |||
| CVE-2024-0321 | 0.00 | — | 0.01 | Jan 8, 2024 | Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. | |||
| CVE-2023-46929 | 0.00 | — | 0.01 | Jan 3, 2024 | An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application. | |||
| CVE-2023-47465 | 0.00 | — | 0.00 | Dec 9, 2023 | An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c. | |||
| CVE-2023-46932 | 0.00 | — | 0.01 | Dec 9, 2023 | Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box. | |||
| CVE-2023-48958 | 0.00 | — | 0.00 | Dec 7, 2023 | gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589. | |||
| CVE-2023-46871 | 0.00 | — | 0.01 | Dec 7, 2023 | GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service. | |||
| CVE-2023-48090 | 0.00 | — | 0.00 | Nov 20, 2023 | GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329. | |||
| CVE-2023-48039 | 0.00 | — | 0.00 | Nov 20, 2023 | GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75. | |||
| CVE-2023-48011 | 0.00 | — | 0.00 | Nov 15, 2023 | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c. | |||
| CVE-2023-48013 | 0.00 | — | 0.00 | Nov 15, 2023 | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c. | |||
| CVE-2023-48014 | 0.00 | — | 0.00 | Nov 15, 2023 | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c. | |||
| CVE-2023-47384 | 0.00 | — | 0.00 | Nov 14, 2023 | MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | |||
| CVE-2023-5998 | 0.00 | — | 0.01 | Nov 7, 2023 | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV. |
- CVE-2025-60467Jun 24, 2026risk 0.00cvss —epss 0.01
A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file.
- CVE-2025-60468Jun 24, 2026risk 0.00cvss —epss 0.00
GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service (local). The component is: filter_core/filter_pid.c (L:574-580): function gf_filter_pid_inst_swap_delete_task()…
- CVE-2025-60471Jun 24, 2026risk 0.00cvss —epss 0.00
A use-after-free in the gf_filter_pid_reconfigure_task_discard function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file.
- CVE-2025-60466Jun 24, 2026risk 0.00cvss —epss 0.00
A use-after-free in the gf_filter_pid_get_packet function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file.
- CVE-2025-60473Jun 24, 2026risk 0.00cvss —epss 0.00
A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
- CVE-2025-55639Jun 23, 2026risk 0.00cvss —epss 0.00
GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gf_isom_add_track_kind() function at isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
- CVE-2026-27821Feb 26, 2026risk 0.00cvss —epss 0.00
GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/filters/dmx_nhml.c`. The value of the xmlHeaderEnd XML attribute is copied from att->value into szXmlHeaderEnd[1000] using…
- CVE-2025-70305Jan 15, 2026risk 0.00cvss —epss 0.00
A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file.
- CVE-2025-70303Jan 15, 2026risk 0.00cvss —epss 0.00
A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
- CVE-2025-70298Jan 15, 2026risk 0.00cvss —epss 0.00
GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.
- CVE-2025-70310Jan 15, 2026risk 0.00cvss —epss 0.00
A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file.
- CVE-2025-70309Jan 15, 2026risk 0.00cvss —epss 0.00
A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.
- CVE-2025-70304Jan 15, 2026risk 0.00cvss —epss 0.00
A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
- CVE-2025-70302Jan 15, 2026risk 0.00cvss —epss 0.00
A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2025-70308Jan 15, 2026risk 0.00cvss —epss 0.00
An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file.
- CVE-2025-70299Jan 15, 2026risk 0.00cvss —epss 0.00
A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.
- CVE-2025-70307Jan 15, 2026risk 0.00cvss —epss 0.00
A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
- CVE-2025-7797Jul 18, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The…
- CVE-2025-25723Feb 28, 2025risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code.
- CVE-2024-57184Jan 24, 2025risk 0.00cvss —epss 0.00
An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.
- CVE-2024-50665Jan 23, 2025risk 0.00cvss —epss 0.00
gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box.
- CVE-2024-50664Jan 23, 2025risk 0.00cvss —epss 0.00
gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box.
- CVE-2023-4679Nov 15, 2024risk 0.00cvss —epss 0.00
A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash.
- CVE-2024-6064Jun 17, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local…
- CVE-2024-6063Jun 17, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to…
- CVE-2024-6062Jun 17, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The…
- CVE-2024-6061Jun 17, 2024risk 0.00cvss —epss 0.00
A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is…
- CVE-2024-28318Mar 15, 2024risk 0.00cvss —epss 0.01
gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325
- CVE-2024-28319Mar 15, 2024risk 0.00cvss —epss 0.00
gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374
- CVE-2023-46426Mar 9, 2024risk 0.00cvss —epss 0.01
Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via gf_fwrite component in at utils/os_file.c.
- CVE-2023-46427Mar 9, 2024risk 0.00cvss —epss 0.01
An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer deference in gf_dash_setup_period component in…
- CVE-2024-24267Feb 5, 2024risk 0.00cvss —epss 0.02
gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
- CVE-2024-24266Feb 5, 2024risk 0.00cvss —epss 0.01
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.
- CVE-2024-24265Feb 5, 2024risk 0.00cvss —epss 0.01
gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.
- CVE-2024-22749Jan 25, 2024risk 0.00cvss —epss 0.01
GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577
- CVE-2023-50120Jan 10, 2024risk 0.00cvss —epss 0.00
MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
- CVE-2024-0322Jan 8, 2024risk 0.00cvss —epss 0.01
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
- CVE-2024-0321Jan 8, 2024risk 0.00cvss —epss 0.01
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
- CVE-2023-46929Jan 3, 2024risk 0.00cvss —epss 0.01
An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.
- CVE-2023-47465Dec 9, 2023risk 0.00cvss —epss 0.00
An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c.
- CVE-2023-46932Dec 9, 2023risk 0.00cvss —epss 0.01
Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.
- CVE-2023-48958Dec 7, 2023risk 0.00cvss —epss 0.00
gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
- CVE-2023-46871Dec 7, 2023risk 0.00cvss —epss 0.01
GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service.
- CVE-2023-48090Nov 20, 2023risk 0.00cvss —epss 0.00
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.
- CVE-2023-48039Nov 20, 2023risk 0.00cvss —epss 0.00
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.
- CVE-2023-48011Nov 15, 2023risk 0.00cvss —epss 0.00
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.
- CVE-2023-48013Nov 15, 2023risk 0.00cvss —epss 0.00
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.
- CVE-2023-48014Nov 15, 2023risk 0.00cvss —epss 0.00
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.
- CVE-2023-47384Nov 14, 2023risk 0.00cvss —epss 0.00
MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
- CVE-2023-5998Nov 7, 2023risk 0.00cvss —epss 0.01
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.
Page 2 of 9