Gpac Gpac

Products by Gpac Sorted by Most Security Vulnerabilities since 2018

Gpac: 181 vulnerabilities

Gpac Mp4box: 3 vulnerabilities

By the Year

In 2022 there have been 33 vulnerabilities in Gpac with an average score of 6.0 out of ten. Last year Gpac had 116 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Gpac in 2022 could surpass last year's number. Last year, the average CVE base score was greater by 0.76.

Year Vulnerabilities Average Score
2022 33 5.99
2021 116 6.75
2020 9 5.98
2019 23 6.20
2018 3 9.13

It may take a day or so for new Gpac vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Gpac Security Vulnerabilities

CVE-2021-40572 5.5 - Medium - January 13, 2022

The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.

Double-free

CVE-2021-40576 5.5 - Medium - January 13, 2022

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service.

NULL Pointer Dereference

CVE-2021-40575 5.5 - Medium - January 13, 2022

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566.

NULL Pointer Dereference

CVE-2021-40573 5.5 - Medium - January 13, 2022

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.

Double-free

CVE-2021-40574 7.8 - High - January 13, 2022

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

Double-free

CVE-2021-40568 7.8 - High - January 13, 2022

A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

Classic Buffer Overflow

CVE-2021-40567 5.5 - Medium - January 13, 2022

Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service.

CVE-2021-40569 5.5 - Medium - January 13, 2022

The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del function in box_code_meta.c, which allows attackers to cause a denial of service.

Double-free

CVE-2021-40570 7.8 - High - January 13, 2022

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

Double-free

CVE-2021-40571 7.8 - High - January 13, 2022

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

Double-free

CVE-2021-40566 5.5 - Medium - January 12, 2022

A segmentation fault caused by a heap use-after-free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service.

Dangling pointer

CVE-2021-40564 5.5 - Medium - January 12, 2022

A segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service.

NULL Pointer Dereference

CVE-2021-40565 5.5 - Medium - January 12, 2022

A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service.

NULL Pointer Dereference

CVE-2021-40562 5.5 - Medium - January 12, 2022

A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service.

Incorrect Comparison

CVE-2021-40563 5.5 - Medium - January 12, 2022

A segmentation fault caused by a null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service.

NULL Pointer Dereference

CVE-2021-40559 5.5 - Medium - January 12, 2022

A null pointer dereference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denial of service.

NULL Pointer Dereference

CVE-2021-36417 7.8 - High - January 12, 2022

A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or arbitrary code execution via a crafted file.

Memory Corruption

CVE-2021-36412 7.8 - High - January 10, 2022

A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command.

Memory Corruption

CVE-2021-36414 7.8 - High - January 10, 2022

A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

Memory Corruption

CVE-2020-25427 5.5 - Medium - January 10, 2022

A null pointer dereference vulnerability exists in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.

NULL Pointer Dereference

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).