Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gpac Subscribe
Total 281 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21837 2 Debian, Gpac 2 Debian Linux, Gpac 2022-05-31 6.8 MEDIUM 8.8 HIGH
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21850 2 Debian, Gpac 2 Debian Linux, Gpac 2022-05-31 6.8 MEDIUM 8.8 HIGH
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21861 2 Debian, Gpac 2 Debian Linux, Gpac 2022-05-31 6.8 MEDIUM 8.8 HIGH
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21851 1 Gpac 1 Gpac 2022-05-31 6.8 MEDIUM 8.8 HIGH
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “csgp” decoder sample group description indices can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21852 1 Gpac 1 Gpac 2022-05-31 6.8 MEDIUM 8.8 HIGH
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2022-1795 1 Gpac 1 Gpac 2022-05-25 7.5 HIGH 9.8 CRITICAL
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.
CVE-2022-30976 1 Gpac 1 Gpac 2022-05-25 4.0 MEDIUM 7.1 HIGH
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.
CVE-2022-29340 1 Gpac 1 Gpac 2022-05-13 5.0 MEDIUM 7.5 HIGH
GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.
CVE-2022-29339 1 Gpac 1 Gpac 2022-05-13 5.0 MEDIUM 7.5 HIGH
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.
CVE-2022-1441 1 Gpac 1 Gpac 2022-05-05 6.8 MEDIUM 7.8 HIGH
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow.
CVE-2021-33365 1 Gpac 1 Gpac 2022-05-03 4.3 MEDIUM 5.5 MEDIUM
Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-31256 1 Gpac 1 Gpac 2022-05-03 4.3 MEDIUM 5.5 MEDIUM
Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-33363 1 Gpac 1 Gpac 2022-05-03 4.3 MEDIUM 5.5 MEDIUM
Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-33361 1 Gpac 1 Gpac 2022-05-03 4.3 MEDIUM 5.5 MEDIUM
Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2022-29537 1 Gpac 1 Gpac 2022-05-03 4.3 MEDIUM 5.5 MEDIUM
gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box.
CVE-2022-27148 1 Gpac 1 Gpac 2022-04-14 4.3 MEDIUM 5.5 MEDIUM
GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.
CVE-2022-27147 1 Gpac 1 Gpac 2022-04-14 4.3 MEDIUM 5.5 MEDIUM
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.
CVE-2022-27146 1 Gpac 1 Gpac 2022-04-14 4.3 MEDIUM 5.5 MEDIUM
GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.
CVE-2022-27145 1 Gpac 1 Gpac 2022-04-14 4.3 MEDIUM 5.5 MEDIUM
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.
CVE-2022-1222 1 Gpac 1 Gpac 2022-04-11 4.3 MEDIUM 5.5 MEDIUM
Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.