threat
engine
.sh
Back
·
··:··
Home
/
Product
/
gpac
Product
gpac
376 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-8124
<= 26.02.0
A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia
3.3
LOW
CVE-2026-33144
< 2026-03-17
GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was disco
5.8
MEDIUM
CVE-2026-27821
<= 26.02.0
GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML f
7.8
HIGH
CVE-2026-1418
<= 2.4.0
A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/
5.3
MEDIUM
CVE-2026-1417
<= 2.4.0
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/
3.3
LOW
CVE-2026-1416
<= 2.4.0
A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file
3.3
LOW
CVE-2026-1415
<= 2.4.0
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media
3.3
LOW
CVE-2025-70303
all versions
A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a craft
5.5
MEDIUM
CVE-2025-70302
all versions
A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via
5.5
MEDIUM
CVE-2025-70307
all versions
A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted
7.5
HIGH
CVE-2025-70299
all versions
A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a cr
6.5
MEDIUM
CVE-2025-70310
all versions
A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafte
5.5
MEDIUM
CVE-2025-70309
all versions
A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a
5.5
MEDIUM
CVE-2025-70308
all versions
An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a
7.5
HIGH
CVE-2025-70305
all versions
A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf fil
5.5
MEDIUM
CVE-2025-70304
all versions
A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS)
7.5
HIGH
CVE-2025-70298
all versions
GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.
8.2
HIGH
CVE-2025-7797
<= 2.4.0
A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_down
5.3
MEDIUM
CVE-2025-25723
all versions
Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code.
8.4
HIGH
CVE-2024-57184
all versions
An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt
5.5
MEDIUM
CVE-2024-50665
all versions
gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box.
5.5
MEDIUM
CVE-2024-50664
all versions
gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box.
7.8
HIGH
CVE-2023-4679
all versions
A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filt
5.5
MEDIUM
CVE-2024-6064
all versions
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affect
5.3
MEDIUM
CVE-2024-6063
all versions
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the functi
3.3
LOW
CVE-2024-6062
all versions
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the fu
3.3
LOW
CVE-2024-6061
all versions
A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerabil
3.3
LOW
CVE-2024-28319
all versions
gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period med
6.2
MEDIUM
CVE-2024-28318
all versions
gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_
7.1
HIGH
CVE-2023-46427
all versions
An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause
9.8
CRITICAL
CVE-2023-46426
all versions
Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbi
8.8
HIGH
CVE-2024-24267
>= 2.2.1 and < 2.4.0
gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob functi
7.5
HIGH
CVE-2024-24266
all versions
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/d
7.5
HIGH
CVE-2024-24265
all versions
gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal func
7.5
HIGH
CVE-2024-22749
all versions
GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomed
7.8
HIGH
CVE-2023-50120
all versions
MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_
5.5
MEDIUM
CVE-2024-0322
< 2.3.0
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
9.1
CRITICAL
CVE-2024-0321
< 2.3.0-dev
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
9.8
CRITICAL
CVE-2023-46929
all versions
An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parse
7.5
HIGH
CVE-2023-46932
all versions
Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code an
9.8
CRITICAL
CVE-2023-47465
<= 2.2.1
An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of f
5.5
MEDIUM
CVE-2023-48958
all versions
gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
5.5
MEDIUM
CVE-2023-46871
<= 2.3-dev-rev602-ged8424300-master
GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vu
5.3
MEDIUM
CVE-2023-48090
all versions
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.
7.1
HIGH
CVE-2023-48039
all versions
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.
5.5
MEDIUM
CVE-2023-48014
all versions
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /me
7.8
HIGH
CVE-2023-48013
all versions
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/f
7.8
HIGH
CVE-2023-48011
all versions
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac
7.8
HIGH
CVE-2023-47384
all versions
MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isom
5.5
MEDIUM
CVE-2023-46001
all versions
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of servi
5.5
MEDIUM
CVE-2023-5998
< 2.3.0
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.
7.5
HIGH
CVE-2023-46928
all versions
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tool
5.5
MEDIUM
CVE-2023-46927
all versions
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3
5.5
MEDIUM
CVE-2023-46931
all versions
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:
5.5
MEDIUM
CVE-2023-46930
all versions
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/me
5.5
MEDIUM
CVE-2023-5595
< 2.3.0
Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.
5.5
MEDIUM
CVE-2023-5586
< 2.3.0
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.
7.8
HIGH
CVE-2023-42298
<= 2.2.1
An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere funct
5.5
MEDIUM
CVE-2023-5520
< 2.2.2
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
7.7
HIGH
CVE-2023-5377
<= 2.2.1
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.
7.1
HIGH
CVE-2023-41000
<= 2.2.1
GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.
5.5
MEDIUM
CVE-2023-4778
< 2.3-dev
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
5.5
MEDIUM
CVE-2023-4758
< 2.3
Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.
5.5
MEDIUM
CVE-2023-4755
< 2.3
Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.
5.5
MEDIUM
CVE-2023-4756
< 2.3
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
5.5
MEDIUM
CVE-2023-4754
< 2.3
Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.
5.5
MEDIUM
CVE-2023-4722
< 2.3-dev
Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV.
5.5
MEDIUM
CVE-2023-4721
< 2.3-dev
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
5.5
MEDIUM
CVE-2023-4720
< 2.3-dev
Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.
5.5
MEDIUM
CVE-2023-4683
< 2.3-dev
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
5.5
MEDIUM
CVE-2023-4682
< 2.3
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
5.5
MEDIUM
CVE-2023-4681
< 2.3
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
5.5
MEDIUM
CVE-2023-4678
< 2.3
Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.
5.5
MEDIUM
CVE-2023-39562
all versions
GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c
5.5
MEDIUM
CVE-2023-37767
all versions
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace functio
5.5
MEDIUM
CVE-2023-37766
all versions
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function
5.5
MEDIUM
CVE-2023-37765
all versions
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at
5.5
MEDIUM
CVE-2023-37174
all versions
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4b
5.5
MEDIUM
CVE-2023-3523
<= 2.2.1
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
7.1
HIGH
CVE-2023-3291
< 2.2.2
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
3.3
LOW
CVE-2023-3013
< 2.2.2
Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.
7.1
HIGH
CVE-2023-3012
< 2.2.2
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
7.8
HIGH
CVE-2023-2840
< 2.2.1
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
9.8
CRITICAL
CVE-2023-2839
< 2.2.2
Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.
7.5
HIGH
CVE-2023-2838
< 2.2.2
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
9.1
CRITICAL
CVE-2023-2837
< 2.2.2
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
5.5
MEDIUM
CVE-2023-1654
<= 2.2.0
Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.
7.8
HIGH
CVE-2023-1655
< 2.4.0
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.
7.8
HIGH
CVE-2023-1452
all versions
A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerabilit
5.3
MEDIUM
CVE-2023-1449
all versions
A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects t
5.3
MEDIUM
CVE-2023-1448
all versions
A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function
5.3
MEDIUM
CVE-2023-0866
<= 2.2.0
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV.
7.8
HIGH
CVE-2023-0841
all versions
A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the functio
6.3
MEDIUM
CVE-2023-0819
< 2.3.0-dev
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV.
7.8
HIGH
CVE-2023-0818
< 2.3.0-dev
Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.
5.5
MEDIUM
CVE-2023-0817
< 2.3.0-dev
Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.
7.8
HIGH
CVE-2023-0770
< 2.2.0
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.
7.8
HIGH
CVE-2023-0760
< 2.2.0
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.
7.8
HIGH
CVE-2023-23145
all versions
GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.
7.8
HIGH
CVE-2023-23144
all versions
Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-maste
5.5
MEDIUM
CVE-2023-23143
all versions
Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-m
7.8
HIGH
CVE-2023-0358
<= 2.2.0
Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.
7.8
HIGH
CVE-2022-47663
< 2.2.0
GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609
7.8
HIGH
CVE-2022-47662
< 2.2.0
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/
5.5
MEDIUM
CVE-2022-47661
< 2.2.0
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emul
7.8
HIGH
CVE-2022-47660
< 2.2.0
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in isomedia/isom_write.c
7.8
HIGH
CVE-2022-47659
< 2.2.0
GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data
7.8
HIGH
CVE-2022-47658
< 2.2.0
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_
7.8
HIGH
CVE-2022-47657
< 2.2.0
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_pars
7.8
HIGH
CVE-2022-47656
< 2.2.0
GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_
7.8
HIGH
CVE-2022-47654
< 2.2.0
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_
7.8
HIGH
CVE-2022-47653
< 2.2.0
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.
7.8
HIGH
CVE-2022-47095
< 2.2.0
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_pars
7.8
HIGH
CVE-2022-47094
< 2.2.0
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid
7.8
HIGH
CVE-2022-47093
< 2.2.0
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid
7.8
HIGH
CVE-2022-47092
< 2.2.0
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow vulnerability in gf_hevc_read_sps_bs_internal function of me
7.1
HIGH
CVE-2022-47091
< 2.2.0
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c
7.8
HIGH
CVE-2022-47089
< 2.2.0
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_
7.8
HIGH
CVE-2022-47088
< 2.2.0
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.
7.8
HIGH
CVE-2022-47087
< 2.2.0
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c
7.8
HIGH
CVE-2022-47086
< 2.2.0
GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf
5.5
MEDIUM
CVE-2022-46490
< 2.2.0
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_a
5.5
MEDIUM
CVE-2022-46489
< 2.2.0
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box
5.5
MEDIUM
CVE-2022-45283
all versions
GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.
7.8
HIGH
CVE-2022-45343
< 2.2.0
GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bi
7.8
HIGH
CVE-2022-4202
all versions
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function
6.3
MEDIUM
CVE-2022-45204
< 2.2.0
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code
5.5
MEDIUM
CVE-2022-45202
< 2.2.0
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_c
7.8
HIGH
CVE-2022-3957
< 2.2.0
A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspe
4.3
MEDIUM
CVE-2022-43255
< 2.2.0
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.
5.5
MEDIUM
CVE-2022-43254
< 2.2.0
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c.
5.5
MEDIUM
CVE-2022-43045
< 2.2.0
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at
5.5
MEDIUM
CVE-2022-43044
< 2.2.0
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_in
5.5
MEDIUM
CVE-2022-43043
< 2.2.0
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at
5.5
MEDIUM
CVE-2022-43042
< 2.2.0
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/
7.8
HIGH
CVE-2022-43040
< 2.2.0
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex
7.8
HIGH
CVE-2022-43039
< 2.2.0
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_ite
5.5
MEDIUM
CVE-2022-3222
< 2.1
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.
5.5
MEDIUM
CVE-2022-3178
< 2.1.0-dev
Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.
7.8
HIGH
CVE-2022-38530
< 2.2.0
GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD.
7.8
HIGH
CVE-2022-36191
< 2.2.0
A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. Thi
5.5
MEDIUM
CVE-2022-36190
< 2.2.0
GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability w
9.8
CRITICAL
CVE-2022-36186
all versions
A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full
7.5
HIGH
CVE-2022-2549
<= 2.0.0
NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV.
5.5
MEDIUM
CVE-2022-2454
<= 2.0.0
Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV.
7.8
HIGH
CVE-2022-2453
<= 2.0.0
Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.
7.8
HIGH
CVE-2021-40944
all versions
In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filte
5.5
MEDIUM
CVE-2021-40609
< 2.0.0
The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
5.5
MEDIUM
CVE-2021-40608
< 2.0.0
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box
5.5
MEDIUM
CVE-2021-40607
< 2.0.0
The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
5.5
MEDIUM
CVE-2021-40606
< 2.0.0
The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command
5.5
MEDIUM
CVE-2021-40942
all versions
In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454
5.5
MEDIUM
CVE-2021-41458
all versions
In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability
5.5
MEDIUM
CVE-2021-40592
< 1.0.1
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit c
5.5
MEDIUM
CVE-2022-1795
< 2.1.0
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.
9.8
CRITICAL
CVE-2022-30976
all versions
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffe
7.1
HIGH
CVE-2022-29340
< 2022-04-12
GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to impr
7.5
HIGH
CVE-2022-29339
< 2022-04-12
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial o
7.5
HIGH
CVE-2022-1441
all versions
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 fi
7.8
HIGH
CVE-2022-29537
all versions
gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box.
5.5
MEDIUM
CVE-2022-27148
< 2.0.0
GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.
5.5
MEDIUM
CVE-2022-27147
< 2.0.0
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.
5.5
MEDIUM
CVE-2022-27146
< 2.0.0
GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.
5.5
MEDIUM
CVE-2022-27145
< 2.0.0
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time o
5.5
MEDIUM
CVE-2022-1222
<= 2.0
Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.
5.5
MEDIUM
CVE-2022-1172
<= 2.0.0
Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.
5.0
MEDIUM
CVE-2022-1035
<= 2.0
Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV.
5.5
MEDIUM
CVE-2022-24578
all versions
GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c.
7.8
HIGH
CVE-2022-24577
all versions
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. (gf_utf8_wcslen is a renamed Unicode utf8_wcslen function.
7.8
HIGH
CVE-2022-24576
all versions
GPAC 1.0.1 is affected by Use After Free through MP4Box.
5.5
MEDIUM
CVE-2022-24575
all versions
GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box.
7.8
HIGH
CVE-2022-24574
all versions
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra ().
5.5
MEDIUM
CVE-2022-26967
all versions
GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.
7.8
HIGH
CVE-2021-4043
< 1.1.0
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0.
5.5
MEDIUM
CVE-2022-24249
< 2.0.0
A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a
5.5
MEDIUM
CVE-2021-46313
all versions
The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms ().
5.5
MEDIUM
CVE-2021-46311
all versions
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c
5.5
MEDIUM
CVE-2021-46240
all versions
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dum
5.5
MEDIUM
CVE-2021-46239
all versions
The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/allo
5.5
MEDIUM
CVE-2021-46238
all versions
GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This
5.5
MEDIUM
CVE-2021-46237
all versions
An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_sce
5.5
MEDIUM
CVE-2021-46236
all versions
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml
5.5
MEDIUM
CVE-2021-46234
all versions
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegrap
5.5
MEDIUM
CVE-2021-45767
all versions
GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability can
5.5
MEDIUM
CVE-2021-45764
all versions
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra().
5.5
MEDIUM
CVE-2021-45763
all versions
GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial o
5.5
MEDIUM
CVE-2021-45762
all versions
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset(). This vulnerabi
5.5
MEDIUM
CVE-2021-45760
all versions
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last(). This vulnerability al
5.5
MEDIUM
CVE-2021-40576
all versions
The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.
5.5
MEDIUM
CVE-2021-40575
all versions
The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c
5.5
MEDIUM
CVE-2021-40574
>= 0.9.0 and <= 1.0.1
The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in loa
7.8
HIGH
CVE-2021-40573
all versions
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to c
5.5
MEDIUM
CVE-2021-40572
all versions
The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to
5.5
MEDIUM
CVE-2021-40571
all versions
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows at
7.8
HIGH
CVE-2021-40570
all versions
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows atta
7.8
HIGH
CVE-2021-40569
<= 1.0.1
The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which a
5.5
MEDIUM
CVE-2021-40568
<= 1.0.1
A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parser
7.8
HIGH
CVE-2021-40567
<= 1.0.1
Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using
5.5
MEDIUM
CVE-2021-40566
<= 1.0.1
A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function i
5.5
MEDIUM
CVE-2021-40565
<= 1.0.1
A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu fun
5.5
MEDIUM
CVE-2021-40564
<= 1.0.2
A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function
5.5
MEDIUM
CVE-2021-40563
<= 1.0.1
A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_con
5.5
MEDIUM
CVE-2021-40562
<= 1.0.1
A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dis
5.5
MEDIUM
CVE-2021-40559
<= 1.0.1
A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which
5.5
MEDIUM
CVE-2021-36417
all versions
A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a
7.8
HIGH
CVE-2021-36414
all versions
A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of
7.8
HIGH
CVE-2021-36412
all versions
A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which a
7.8
HIGH
CVE-2020-25427
all versions
A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_i
5.5
MEDIUM
CVE-2021-46051
all versions
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Ser
5.5
MEDIUM
CVE-2021-46049
all versions
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service.
5.5
MEDIUM
CVE-2021-46047
all versions
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function.
5.5
MEDIUM
CVE-2021-46046
all versions
A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-
5.5
MEDIUM
CVE-2021-46045
all versions
GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent).
5.5
MEDIUM
CVE-2021-46044
all versions
A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOffset.isra, which causes a Denial of Service (context-depende
5.5
MEDIUM
CVE-2021-46043
all versions
A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list_count function, which causes a Denial of Service.
5.5
MEDIUM
CVE-2021-46042
all versions
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service.
5.5
MEDIUM
CVE-2021-46041
all versions
A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service.
5.5
MEDIUM
CVE-2021-46040
all versions
A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial o
5.5
MEDIUM
CVE-2021-46039
all versions
A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, which causes a Denial of Servic
5.5
MEDIUM
CVE-2021-46038
all versions
A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial of Service (context-dependent
5.5
MEDIUM
CVE-2021-45831
all versions
A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service.
5.5
MEDIUM
CVE-2021-45267
all versions
An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentat
5.5
MEDIUM
CVE-2021-45266
all versions
A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentatio
7.5
HIGH
CVE-2021-45263
all versions
An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fau
5.5
MEDIUM
CVE-2021-45262
all versions
An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and appli
5.5
MEDIUM
CVE-2021-45260
all versions
A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault
5.5
MEDIUM
CVE-2021-45259
all versions
An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gf_svg_node_del function, which causes a segmentation faul
5.5
MEDIUM
CVE-2021-45258
all versions
A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and
5.5
MEDIUM
CVE-2021-44927
all versions
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fa
5.5
MEDIUM
CVE-2021-44926
all versions
A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in the gf_node_get_tag function, which causes a segmentation fau
5.5
MEDIUM
CVE-2021-44925
all versions
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentati
5.5
MEDIUM
CVE-2021-44924
all versions
An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.
5.5
MEDIUM
CVE-2021-44923
>= 0.9.0 and <= 1.1.0
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmenta
5.5
MEDIUM
CVE-2021-44922
all versions
A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fa
5.5
MEDIUM
CVE-2021-44921
all versions
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a s
5.5
MEDIUM
CVE-2021-44920
all versions
An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segme
5.5
MEDIUM
CVE-2021-44919
all versions
A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV, which causes a segmentation
5.5
MEDIUM
CVE-2021-44918
all versions
A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fa
5.5
MEDIUM
CVE-2021-45297
all versions
An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size.
5.5
MEDIUM
CVE-2021-45292
all versions
The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference
5.5
MEDIUM
CVE-2021-45291
all versions
The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cause a denial of service (Invalid memory address dereference)
5.5
MEDIUM
CVE-2021-45289
all versions
A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. T
5.5
MEDIUM
CVE-2021-45288
all versions
A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP
5.5
MEDIUM
CVE-2020-22679
all versions
Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a cra
5.5
MEDIUM
CVE-2020-22678
all versions
An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer o
5.5
MEDIUM
CVE-2020-22677
all versions
An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to
5.5
MEDIUM
CVE-2020-22675
all versions
An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to
5.5
MEDIUM
CVE-2020-22674
all versions
An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, w
5.5
MEDIUM
CVE-2020-22673
all versions
Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted i
5.5
MEDIUM
CVE-2021-41459
all versions
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom p
7.5
HIGH
CVE-2021-41457
all versions
There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of serv
7.5
HIGH
CVE-2021-41456
all versions
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo par
7.5
HIGH
CVE-2020-23269
all versions
An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overflow wh
5.5
MEDIUM
CVE-2020-23267
all versions
An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer
7.1
HIGH
CVE-2020-23266
all versions
An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which can lea
5.5
MEDIUM
CVE-2021-32271
< 1.0.1
An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_du
7.8
HIGH
CVE-2021-32270
< 1.0.1
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_co
5.5
MEDIUM
CVE-2021-32269
< 1.0.1
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in
5.5
MEDIUM
CVE-2021-32268
< 1.0.1
Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac before 1.0.1 allows attackers to execute arbitrary code.
7.8
HIGH
CVE-2021-33365
all versions
Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
5.5
MEDIUM
CVE-2021-33363
all versions
Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
5.5
MEDIUM
CVE-2021-33361
all versions
Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
5.5
MEDIUM
CVE-2021-32139
all versions
The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a cr
5.5
MEDIUM
CVE-2021-32138
all versions
The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted fi
5.5
MEDIUM
CVE-2021-33366
all versions
Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
5.5
MEDIUM
CVE-2021-33364
all versions
Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
5.5
MEDIUM
CVE-2021-33362
all versions
Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of servi
7.8
HIGH
CVE-2021-32135
all versions
The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted fi
5.5
MEDIUM
CVE-2021-32132
all versions
The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted fi
5.5
MEDIUM
CVE-2021-32137
all versions
Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or
5.5
MEDIUM
CVE-2021-32134
all versions
The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted
5.5
MEDIUM
CVE-2021-32136
all versions
Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute a
7.8
HIGH
CVE-2020-19751
all versions
An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.
9.1
CRITICAL
CVE-2020-19750
all versions
An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.
7.5
HIGH
CVE-2021-21850
all versions
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Cont
8.8
HIGH
CVE-2021-21849
all versions
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Cont
8.8
HIGH
CVE-2021-21848
all versions
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Cont
8.8
HIGH
CVE-2021-21842
all versions
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Cont
8.8
HIGH
CVE-2021-21841
all versions
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Cont
8.8
HIGH
CVE-2021-21840
all versions
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Cont
8.8
HIGH
CVE-2021-21836
all versions
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Cont
8.8
HIGH
CVE-2021-21835
all versions
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Cont
8.8
HIGH
CVE-2021-21834
all versions
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Cont
8.8
HIGH
CVE-2021-21862
all versions
Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Adva
8.8
HIGH
CVE-2021-21858
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21857
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21856
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21855
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21854
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21853
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21852
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21851
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21847
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21846
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21845
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21844
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21843
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21839
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21838
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21837
all versions
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanc
8.8
HIGH
CVE-2021-21861
all versions
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Co
8.8
HIGH
CVE-2021-21860
all versions
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Co
8.8
HIGH
CVE-2021-21859
all versions
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Co
8.8
HIGH
CVE-2021-32440
all versions
The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a cra
5.5
MEDIUM
CVE-2021-32439
all versions
Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute a
7.8
HIGH
CVE-2021-32438
all versions
The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a
5.5
MEDIUM
CVE-2021-32437
all versions
The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a craft
5.5
MEDIUM
CVE-2021-36584
all versions
An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_builder_do_tx3g function in ie
5.5
MEDIUM
CVE-2020-24829
>= 0.5.2 and <= 0.8.0
An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m
5.5
MEDIUM
CVE-2020-22352
all versions
The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attackers to cause a denial of service (NULL pointer dereference) v
5.5
MEDIUM
CVE-2020-19488
all versions
An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, allows attackers to cause a Denial of Service due to an inva
5.5
MEDIUM
CVE-2020-19481
< 0.8.0
An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt
5.5
MEDIUM
CVE-2020-23932
< 1.0.1
An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.
5.5
MEDIUM
CVE-2020-23931
< 1.0.1
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.
7.1
HIGH
CVE-2020-23930
< 1.0.1
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located i
5.5
MEDIUM
CVE-2020-23928
< 1.0.1
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.
7.1
HIGH
CVE-2020-35982
all versions
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_f
7.8
HIGH
CVE-2020-35981
all versions
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in
7.8
HIGH
CVE-2020-35980
all versions
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/b
7.8
HIGH
CVE-2020-35979
all versions
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc
7.8
HIGH
CVE-2021-30199
all versions
In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg
5.5
MEDIUM
CVE-2021-30022
>= 0.5.2 and <= 1.0.1
There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. pps_id may
5.5
MEDIUM
CVE-2021-30020
all versions
In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafte
5.5
MEDIUM
CVE-2021-30019
all versions
In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx-hdr.frame_size to be smalle
5.5
MEDIUM
CVE-2021-30015
all versions
There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid c
5.5
MEDIUM
CVE-2021-30014
>= 0.9.0 and <= 1.0.1
There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC from v0.9.0-preview to 1.
5.5
MEDIUM
CVE-2021-29279
all versions
There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF
7.8
HIGH
CVE-2021-31262
all versions
The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a craf
5.5
MEDIUM
CVE-2021-31261
all versions
The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.
5.5
MEDIUM
CVE-2021-31260
all versions
The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file
5.5
MEDIUM
CVE-2021-31259
all versions
The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dere
5.5
MEDIUM
CVE-2021-31258
all versions
The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via
5.5
MEDIUM
CVE-2021-31257
all versions
The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in
5.5
MEDIUM
CVE-2021-31256
all versions
Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
5.5
MEDIUM
CVE-2021-31255
all versions
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arb
7.8
HIGH
CVE-2021-31254
all versions
Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arb
7.8
HIGH
CVE-2021-28300
all versions
NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arb
9.8
CRITICAL
CVE-2020-11558
all versions
An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c
9.8
CRITICAL
CVE-2019-20632
< 0.8.0
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference i
5.5
MEDIUM
CVE-2019-20631
< 0.8.0
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference i
5.5
MEDIUM
CVE-2019-20630
< 0.8.0
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in
5.5
MEDIUM
CVE-2019-20629
< 0.8.0
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in
5.5
MEDIUM
CVE-2019-20628
< 0.8.0
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability i
5.5
MEDIUM
CVE-2020-6631
all versions
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in
5.5
MEDIUM
CVE-2020-6630
all versions
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() i
5.5
MEDIUM
CVE-2019-20208
>= 0.5.2 and <= 0.8.0
dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow.
5.5
MEDIUM
CVE-2019-20171
>= 0.5.2 and <= 0.8.0
An issue was discovered in GPAC version 0.5.2 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_c
5.5
MEDIUM
CVE-2019-20170
all versions
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the funct
5.5
MEDIUM
CVE-2019-20169
all versions
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function trak_Read(
5.5
MEDIUM
CVE-2019-20168
all versions
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function gf_isom_bo
5.5
MEDIUM
CVE-2019-20167
all versions
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function
5.5
MEDIUM
CVE-2019-20166
all versions
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function
5.5
MEDIUM
CVE-2019-20165
all versions
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function
5.5
MEDIUM
CVE-2019-20164
all versions
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function
5.5
MEDIUM
CVE-2019-20163
all versions
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function
5.5
MEDIUM
CVE-2019-20162
all versions
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function
5.5
MEDIUM
CVE-2019-20161
all versions
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function
5.5
MEDIUM
CVE-2019-20160
all versions
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the functi
5.5
MEDIUM
CVE-2019-20159
all versions
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box
5.5
MEDIUM
CVE-2018-21017
all versions
GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c.
6.5
MEDIUM
CVE-2018-21016
all versions
audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-b
6.5
MEDIUM
CVE-2018-21015
all versions
AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer deref
6.5
MEDIUM
CVE-2019-13618
< 0.8.0
In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_s
7.5
HIGH
CVE-2019-12483
>= 0.6.1 and <= 0.7.1
An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationLi
7.8
HIGH
CVE-2019-12482
>= 0.6.1 and <= 0.7.1
An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at iso
7.5
HIGH
CVE-2019-12481
>= 0.6.1 and <= 0.7.1
An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a
5.5
MEDIUM
CVE-2019-11222
all versions
gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_d
7.8
HIGH
CVE-2019-11221
all versions
GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.
7.8
HIGH
CVE-2018-20763
<= 0.7.1
In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write be
7.8
HIGH
CVE-2018-20762
<= 0.7.1
GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/filei
7.8
HIGH
CVE-2018-20761
<= 0.7.1
GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_s
7.8
HIGH
CVE-2018-20760
<= 0.7.1
In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write be
7.8
HIGH
CVE-2018-13006
all versions
An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_d
9.8
CRITICAL
CVE-2018-13005
all versions
An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-re
9.8
CRITICAL
CVE-2018-7752
<= 0.7.1
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerabil
7.8
HIGH
CVE-2018-1000100
<= 0.7.1
GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that c
7.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin