Gpac Gpac

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Gpac product.

RSS Feeds for Gpac security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Gpac products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Gpac Sorted by Most Security Vulnerabilities since 2018

Gpac345 vulnerabilities

Gpac Mp4box4 vulnerabilities

By the Year

In 2025 there have been 3 vulnerabilities in Gpac with an average score of 6.7 out of ten. Last year, in 2024 Gpac had 13 security vulnerabilities published. Right now, Gpac is on track to have less security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.25




Year Vulnerabilities Average Score
2025 3 6.65
2024 13 6.90
2023 84 6.75
2022 98 6.20
2021 116 6.76
2020 9 5.98
2019 23 6.20
2018 3 9.13

It may take a day or so for new Gpac vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Gpac Security Vulnerabilities

An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box

CVE-2024-57184 - January 24, 2025

An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.

gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box.

CVE-2024-50664 7.8 - High - January 23, 2025

gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box.

Memory Corruption

gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box.

CVE-2024-50665 5.5 - Medium - January 23, 2025

gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box.

NULL Pointer Dereference

A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease

CVE-2023-4679 5.5 - Medium - November 15, 2024

A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash.

Dangling pointer

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master

CVE-2024-6063 5.5 - Medium - June 17, 2024

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8767ed0a77c4b02287db3723e92c2169f67c85d5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-268791.

NULL Pointer Dereference

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master

CVE-2024-6064 5.5 - Medium - June 17, 2024

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is f4b3e4d2f91bc1749e7a924a8ab171af03a355a8/c1b9c794bad8f262c56f3cf690567980d96662f5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-268792.

Dangling pointer

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic

CVE-2024-6062 5.5 - Medium - June 17, 2024

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 31e499d310a48bd17c8b055a0bfe0fe35887a7cd. It is recommended to apply a patch to fix this issue. VDB-268790 is the identifier assigned to this vulnerability.

NULL Pointer Dereference

A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic

CVE-2024-6061 5.5 - Medium - June 17, 2024

A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 20c0f29139a82779b86453ce7f68d0681ec7624c. It is recommended to apply a patch to fix this issue. The identifier VDB-268789 was assigned to this vulnerability.

Infinite Loop

gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability

CVE-2024-24266 7.5 - High - February 05, 2024

gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.

Dangling pointer

gpac v2.2.1 was discovered to contain a memory leak

CVE-2024-24267 7.5 - High - February 05, 2024

gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.

Memory Leak

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.