Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gpac Subscribe
Total 281 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-23930 1 Gpac 1 Gpac 2021-04-22 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.
CVE-2020-23932 1 Gpac 1 Gpac 2021-04-22 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service.
CVE-2021-31254 1 Gpac 1 Gpac 2021-04-21 6.8 MEDIUM 7.8 HIGH
Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes.
CVE-2021-31257 1 Gpac 1 Gpac 2021-04-21 4.3 MEDIUM 5.5 MEDIUM
The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31255 1 Gpac 1 Gpac 2021-04-21 6.8 MEDIUM 7.8 HIGH
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-31261 1 Gpac 1 Gpac 2021-04-21 4.3 MEDIUM 5.5 MEDIUM
The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.
CVE-2021-31260 1 Gpac 1 Gpac 2021-04-21 4.3 MEDIUM 5.5 MEDIUM
The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31259 1 Gpac 1 Gpac 2021-04-21 4.3 MEDIUM 5.5 MEDIUM
The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31258 1 Gpac 1 Gpac 2021-04-21 4.3 MEDIUM 5.5 MEDIUM
The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-30014 1 Gpac 1 Gpac 2021-04-21 4.3 MEDIUM 5.5 MEDIUM
There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash.
CVE-2021-30015 1 Gpac 1 Gpac 2021-04-21 4.3 MEDIUM 5.5 MEDIUM
There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal.
CVE-2021-29279 1 Gpac 1 Gpac 2021-04-21 6.8 MEDIUM 7.8 HIGH
There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative number. In result, memcpy in gf_props_assign_value failed.
CVE-2021-31262 1 Gpac 1 Gpac 2021-04-21 4.3 MEDIUM 5.5 MEDIUM
The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-30022 1 Gpac 1 Gpac 2021-04-21 4.3 MEDIUM 5.5 MEDIUM
There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash.
CVE-2021-30199 1 Gpac 1 Gpac 2021-04-21 4.3 MEDIUM 5.5 MEDIUM
In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash.
CVE-2021-30020 1 Gpac 1 Gpac 2021-04-21 4.3 MEDIUM 5.5 MEDIUM
In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop.
CVE-2021-30019 1 Gpac 1 Gpac 2021-04-21 4.3 MEDIUM 5.5 MEDIUM
In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy.
CVE-2021-28300 1 Gpac 1 Gpac 2021-04-21 7.5 HIGH 9.8 CRITICAL
NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.
CVE-2018-21017 1 Gpac 1 Gpac 2020-08-24 4.3 MEDIUM 6.5 MEDIUM
GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c.
CVE-2019-12483 1 Gpac 1 Gpac 2020-08-24 6.8 MEDIUM 7.8 HIGH
An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.