Total
330 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3523 | 1 Gpac | 1 Gpac | 2023-07-13 | N/A | 7.1 HIGH |
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | |||||
| CVE-2022-3178 | 1 Gpac | 1 Gpac | 2023-06-29 | N/A | 7.8 HIGH |
| Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. | |||||
| CVE-2022-1441 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2023-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow. | |||||
| CVE-2023-3013 | 1 Gpac | 1 Gpac | 2023-06-06 | N/A | 7.1 HIGH |
| Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2. | |||||
| CVE-2022-36191 | 1 Gpac | 1 Gpac | 2023-05-27 | N/A | 5.5 MEDIUM |
| A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242. | |||||
| CVE-2021-46046 | 1 Gpac | 1 Gpac | 2023-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent). | |||||
| CVE-2021-46040 | 1 Gpac | 1 Gpac | 2023-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Servie (context-dependent). | |||||
| CVE-2021-45263 | 1 Gpac | 1 Gpac | 2023-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash. | |||||
| CVE-2021-46045 | 1 Gpac | 1 Gpac | 2023-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent). | |||||
| CVE-2022-29537 | 1 Gpac | 1 Gpac | 2023-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box. | |||||
| CVE-2023-0818 | 1 Gpac | 1 Gpac | 2023-05-27 | N/A | 5.5 MEDIUM |
| Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV. | |||||
| CVE-2021-40570 | 1 Gpac | 1 Gpac | 2023-05-27 | 6.8 MEDIUM | 7.8 HIGH |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | |||||
| CVE-2020-35980 | 1 Gpac | 1 Gpac | 2023-05-27 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c. | |||||
| CVE-2021-40569 | 1 Gpac | 1 Gpac | 2023-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service. | |||||
| CVE-2021-40609 | 1 Gpac | 1 Gpac | 2023-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | |||||
| CVE-2021-40568 | 1 Gpac | 1 Gpac | 2023-05-27 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | |||||
| CVE-2022-38530 | 1 Gpac | 1 Gpac | 2023-05-27 | N/A | 7.8 HIGH |
| GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD. | |||||
| CVE-2022-24577 | 1 Gpac | 1 Gpac | 2023-05-27 | 6.8 MEDIUM | 7.8 HIGH |
| GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. (gf_utf8_wcslen is a renamed Unicode utf8_wcslen function.) | |||||
| CVE-2021-33365 | 1 Gpac | 1 Gpac | 2023-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | |||||
| CVE-2023-0866 | 1 Gpac | 1 Gpac | 2023-05-27 | N/A | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV. | |||||