Gpac Gpac


Products by Gpac Sorted by Most Security Vulnerabilities since 2018

Gpac: 337 vulnerabilities

Gpac Mp4box: 4 vulnerabilities

By the Year

In 2024 there have been 8 vulnerabilities in Gpac with an average score of 7.8 out of ten. Last year Gpac had 84 security vulnerabilities published. Right now, Gpac is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 1.03.

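| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2024 | 8 | 7.78 |
| 2023 | 84 | 6.75 |
| 2022 | 98 | 6.20 |
| 2021 | 116 | 6.76 |
| 2020 | 9 | 5.98 |
| 2019 | 23 | 6.20 |
| 2018 | 3 | 9.13 |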

It may take a day or so for new Gpac vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Gpac Security Vulnerabilities

gpac v2.2.1 was discovered to contain a memory leak

CVE-2024-24265 7.5 - High - February 05, 2024

gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.

Memory Leak

gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability

CVE-2024-24266 7.5 - High - February 05, 2024

gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.

Dangling pointer

gpac v2.2.1 was discovered to contain a memory leak

CVE-2024-24267 7.5 - High - February 05, 2024

gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.

Memory Leak

GPAC v2.3 was detected to contain a buffer overflow

CVE-2024-22749 7.8 - High - January 25, 2024

GPAC v2.3 was detected to contain a buffer overflow via the gf_isom_new_generic_sample_description function at isomedia/isom_write.c:4577.

Classic Buffer Overflow

MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c

CVE-2023-50120 5.5 - Medium - January 10, 2024

MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Infinite Loop

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2024-0322 9.1 - Critical - January 08, 2024

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

Out-of-bounds Read

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2024-0321 9.8 - Critical - January 08, 2024

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.

Memory Corruption

An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55

CVE-2023-46929 7.5 - High - January 03, 2024

An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.

Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code

CVE-2023-46932 9.8 - Critical - December 09, 2023

Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.

Memory Corruption

An issue in GPAC v.2.2.1 and before

CVE-2023-47465 5.5 - Medium - December 09, 2023

An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c.

GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300

CVE-2023-46871 5.3 - Medium - December 07, 2023

GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service.

Memory Leak

gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.

CVE-2023-48958 5.5 - Medium - December 07, 2023

gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.

Memory Leak

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.

CVE-2023-48090 7.1 - High - November 20, 2023

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.

Memory Leak

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.

CVE-2023-48039 5.5 - Medium - November 20, 2023

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.

Memory Leak

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free

CVE-2023-48011 7.8 - High - November 15, 2023

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.

Dangling pointer

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free

CVE-2023-48013 7.8 - High - November 15, 2023

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.

Double-free

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow

CVE-2023-48014 7.8 - High - November 15, 2023

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.

Memory Corruption

MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c

CVE-2023-47384 5.5 - Medium - November 14, 2023

MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Memory Leak

Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master

CVE-2023-46001 5.5 - Medium - November 07, 2023

Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.

Classic Buffer Overflow

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.

CVE-2023-5998 7.5 - High - November 07, 2023

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).