Vendor CVEs
Gpac
All CVEs
420 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-21859 | 0.00 | — | 0.02 | Aug 16, 2021 | An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open… | |||
| CVE-2021-32440 | 0.00 | — | 0.01 | Aug 11, 2021 | The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-32439 | 0.00 | — | 0.01 | Aug 11, 2021 | Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | |||
| CVE-2021-32437 | 0.00 | — | 0.01 | Aug 11, 2021 | The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-36584 | 0.00 | — | 0.01 | Aug 5, 2021 | An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_builder_do_tx3g function in ietf/rtp_pck_3gpp.c, as demonstrated by MP4Box. This can cause a denial of service (DOS). | |||
| CVE-2020-24829 | 0.00 | — | 0.01 | Aug 4, 2021 | An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file. | |||
| CVE-2020-22352 | 0.00 | — | 0.01 | Aug 4, 2021 | The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2020-19488 | 0.00 | — | 0.01 | Jul 21, 2021 | An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, allows attackers to cause a Denial of Service due to an invalid read on function ilst_item_Read. | |||
| CVE-2020-19481 | 0.00 | — | 0.01 | Jul 21, 2021 | An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | |||
| CVE-2020-23930 | 0.00 | — | 0.01 | Apr 21, 2021 | An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service. | |||
| CVE-2020-23932 | 0.00 | — | 0.01 | Apr 21, 2021 | An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service. | |||
| CVE-2020-23931 | 0.00 | — | 0.01 | Apr 21, 2021 | An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | |||
| CVE-2020-23928 | 0.00 | — | 0.01 | Apr 21, 2021 | An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | |||
| CVE-2020-35982 | 0.00 | — | 0.01 | Apr 21, 2021 | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c. | |||
| CVE-2020-35979 | 0.00 | — | 0.01 | Apr 21, 2021 | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c. | |||
| CVE-2020-35981 | 0.00 | — | 0.01 | Apr 21, 2021 | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c. | |||
| CVE-2020-35980 | 0.00 | — | 0.01 | Apr 21, 2021 | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c. | |||
| CVE-2021-30020 | 0.00 | — | 0.01 | Apr 19, 2021 | In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop. | |||
| CVE-2021-29279 | 0.00 | — | 0.01 | Apr 19, 2021 | There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative number. In result, memcpy in gf_props_assign_value failed. | |||
| CVE-2021-30015 | 0.00 | — | 0.01 | Apr 19, 2021 | There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal. | |||
| CVE-2021-30022 | 0.00 | — | 0.01 | Apr 19, 2021 | There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash. | |||
| CVE-2021-30019 | 0.00 | — | 0.01 | Apr 19, 2021 | In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy. | |||
| CVE-2021-30014 | 0.00 | — | 0.01 | Apr 19, 2021 | There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash. | |||
| CVE-2021-30199 | 0.00 | — | 0.01 | Apr 19, 2021 | In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash. | |||
| CVE-2021-31261 | 0.00 | — | 0.01 | Apr 19, 2021 | The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command. | |||
| CVE-2021-31255 | 0.00 | — | 0.01 | Apr 19, 2021 | Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | |||
| CVE-2021-31254 | 0.00 | — | 0.01 | Apr 19, 2021 | Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes. | |||
| CVE-2021-31262 | 0.00 | — | 0.01 | Apr 19, 2021 | The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-31256 | 0.00 | — | 0.01 | Apr 19, 2021 | Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | |||
| CVE-2021-31258 | 0.00 | — | 0.01 | Apr 19, 2021 | The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-31257 | 0.00 | — | 0.01 | Apr 19, 2021 | The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-31260 | 0.00 | — | 0.01 | Apr 19, 2021 | The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-31259 | 0.00 | — | 0.01 | Apr 19, 2021 | The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-28300 | 0.00 | — | 0.02 | Apr 14, 2021 | NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file. | |||
| CVE-2020-11558 | 0.00 | — | 0.02 | Apr 5, 2020 | An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read,… | |||
| CVE-2019-20628 | 0.00 | — | 0.01 | Mar 24, 2020 | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | |||
| CVE-2019-20629 | 0.00 | — | 0.01 | Mar 24, 2020 | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | |||
| CVE-2019-20630 | 0.00 | — | 0.01 | Mar 24, 2020 | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file. | |||
| CVE-2019-20631 | 0.00 | — | 0.01 | Mar 24, 2020 | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file. | |||
| CVE-2019-20632 | 0.00 | — | 0.01 | Mar 24, 2020 | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file. | |||
| CVE-2020-6630 | 0.00 | — | 0.01 | Jan 9, 2020 | An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c. | |||
| CVE-2020-6631 | 0.00 | — | 0.01 | Jan 9, 2020 | An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c. | |||
| CVE-2019-20208 | 0.00 | — | 0.01 | Jan 1, 2020 | dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow. | |||
| CVE-2019-20159 | 0.00 | — | 0.01 | Dec 30, 2019 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box_code_base.c. | |||
| CVE-2019-20161 | 0.00 | — | 0.01 | Dec 30, 2019 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. | |||
| CVE-2019-20162 | 0.00 | — | 0.01 | Dec 30, 2019 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. | |||
| CVE-2019-20163 | 0.00 | — | 0.01 | Dec 30, 2019 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. | |||
| CVE-2019-20164 | 0.00 | — | 0.01 | Dec 30, 2019 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_box_del() in isomedia/box_funcs.c. | |||
| CVE-2019-20165 | 0.00 | — | 0.01 | Dec 30, 2019 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c. | |||
| CVE-2019-20166 | 0.00 | — | 0.01 | Dec 30, 2019 | An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_dump() in isomedia/box_dump.c. |
- CVE-2021-21859Aug 16, 2021risk 0.00cvss —epss 0.02
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open…
- CVE-2021-32440Aug 11, 2021risk 0.00cvss —epss 0.01
The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2021-32439Aug 11, 2021risk 0.00cvss —epss 0.01
Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
- CVE-2021-32437Aug 11, 2021risk 0.00cvss —epss 0.01
The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2021-36584Aug 5, 2021risk 0.00cvss —epss 0.01
An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_builder_do_tx3g function in ietf/rtp_pck_3gpp.c, as demonstrated by MP4Box. This can cause a denial of service (DOS).
- CVE-2020-24829Aug 4, 2021risk 0.00cvss —epss 0.01
An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file.
- CVE-2020-22352Aug 4, 2021risk 0.00cvss —epss 0.01
The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2020-19488Jul 21, 2021risk 0.00cvss —epss 0.01
An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, allows attackers to cause a Denial of Service due to an invalid read on function ilst_item_Read.
- CVE-2020-19481Jul 21, 2021risk 0.00cvss —epss 0.01
An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
- CVE-2020-23930Apr 21, 2021risk 0.00cvss —epss 0.01
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.
- CVE-2020-23932Apr 21, 2021risk 0.00cvss —epss 0.01
An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service.
- CVE-2020-23931Apr 21, 2021risk 0.00cvss —epss 0.01
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.
- CVE-2020-23928Apr 21, 2021risk 0.00cvss —epss 0.01
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.
- CVE-2020-35982Apr 21, 2021risk 0.00cvss —epss 0.01
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.
- CVE-2020-35979Apr 21, 2021risk 0.00cvss —epss 0.01
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.
- CVE-2020-35981Apr 21, 2021risk 0.00cvss —epss 0.01
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
- CVE-2020-35980Apr 21, 2021risk 0.00cvss —epss 0.01
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
- CVE-2021-30020Apr 19, 2021risk 0.00cvss —epss 0.01
In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop.
- CVE-2021-29279Apr 19, 2021risk 0.00cvss —epss 0.01
There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative number. In result, memcpy in gf_props_assign_value failed.
- CVE-2021-30015Apr 19, 2021risk 0.00cvss —epss 0.01
There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal.
- CVE-2021-30022Apr 19, 2021risk 0.00cvss —epss 0.01
There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash.
- CVE-2021-30019Apr 19, 2021risk 0.00cvss —epss 0.01
In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy.
- CVE-2021-30014Apr 19, 2021risk 0.00cvss —epss 0.01
There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash.
- CVE-2021-30199Apr 19, 2021risk 0.00cvss —epss 0.01
In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash.
- CVE-2021-31261Apr 19, 2021risk 0.00cvss —epss 0.01
The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.
- CVE-2021-31255Apr 19, 2021risk 0.00cvss —epss 0.01
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
- CVE-2021-31254Apr 19, 2021risk 0.00cvss —epss 0.01
Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes.
- CVE-2021-31262Apr 19, 2021risk 0.00cvss —epss 0.01
The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2021-31256Apr 19, 2021risk 0.00cvss —epss 0.01
Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
- CVE-2021-31258Apr 19, 2021risk 0.00cvss —epss 0.01
The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2021-31257Apr 19, 2021risk 0.00cvss —epss 0.01
The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2021-31260Apr 19, 2021risk 0.00cvss —epss 0.01
The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2021-31259Apr 19, 2021risk 0.00cvss —epss 0.01
The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
- CVE-2021-28300Apr 14, 2021risk 0.00cvss —epss 0.02
NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.
- CVE-2020-11558Apr 5, 2020risk 0.00cvss —epss 0.02
An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read,…
- CVE-2019-20628Mar 24, 2020risk 0.00cvss —epss 0.01
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
- CVE-2019-20629Mar 24, 2020risk 0.00cvss —epss 0.01
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
- CVE-2019-20630Mar 24, 2020risk 0.00cvss —epss 0.01
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.
- CVE-2019-20631Mar 24, 2020risk 0.00cvss —epss 0.01
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file.
- CVE-2019-20632Mar 24, 2020risk 0.00cvss —epss 0.01
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file.
- CVE-2020-6630Jan 9, 2020risk 0.00cvss —epss 0.01
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.
- CVE-2020-6631Jan 9, 2020risk 0.00cvss —epss 0.01
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.
- CVE-2019-20208Jan 1, 2020risk 0.00cvss —epss 0.01
dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow.
- CVE-2019-20159Dec 30, 2019risk 0.00cvss —epss 0.01
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box_code_base.c.
- CVE-2019-20161Dec 30, 2019risk 0.00cvss —epss 0.01
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.
- CVE-2019-20162Dec 30, 2019risk 0.00cvss —epss 0.01
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c.
- CVE-2019-20163Dec 30, 2019risk 0.00cvss —epss 0.01
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c.
- CVE-2019-20164Dec 30, 2019risk 0.00cvss —epss 0.01
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_box_del() in isomedia/box_funcs.c.
- CVE-2019-20165Dec 30, 2019risk 0.00cvss —epss 0.01
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c.
- CVE-2019-20166Dec 30, 2019risk 0.00cvss —epss 0.01
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_dump() in isomedia/box_dump.c.
Page 8 of 9