Gpac
Products by Gpac Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 8 vulnerabilities in Gpac with an average score of 7.8 out of ten. Last year Gpac had 84 security vulnerabilities published. Right now, Gpac is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 1.03.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 8 | 7.78 |
2023 | 84 | 6.75 |
2022 | 98 | 6.20 |
2021 | 116 | 6.76 |
2020 | 9 | 5.98 |
2019 | 23 | 6.20 |
2018 | 3 | 9.13 |
It may take a day or so for new Gpac vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Gpac Security Vulnerabilities
gpac v2.2.1 was discovered to contain a memory leak
CVE-2024-24265
7.5 - High
- February 05, 2024
gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.
Memory Leak
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability
CVE-2024-24266
7.5 - High
- February 05, 2024
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.
Dangling pointer
gpac v2.2.1 was discovered to contain a memory leak
CVE-2024-24267
7.5 - High
- February 05, 2024
gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
Memory Leak
GPAC v2.3 was detected to contain a buffer overflow
CVE-2024-22749
7.8 - High
- January 25, 2024
GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577
Classic Buffer Overflow
MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c
CVE-2023-50120
5.5 - Medium
- January 10, 2024
MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
Infinite Loop
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2024-0322
9.1 - Critical
- January 08, 2024
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
Out-of-bounds Read
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2024-0321
9.8 - Critical
- January 08, 2024
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
Memory Corruption
An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55
CVE-2023-46929
7.5 - High
- January 03, 2024
An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.
Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code
CVE-2023-46932
9.8 - Critical
- December 09, 2023
Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.
Memory Corruption
An issue in GPAC v.2.2.1 and before
CVE-2023-47465
5.5 - Medium
- December 09, 2023
An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c.
GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300
CVE-2023-46871
5.3 - Medium
- December 07, 2023
GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service.
Memory Leak
gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
CVE-2023-48958
5.5 - Medium
- December 07, 2023
gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
Memory Leak
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.
CVE-2023-48090
7.1 - High
- November 20, 2023
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.
Memory Leak
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.
CVE-2023-48039
5.5 - Medium
- November 20, 2023
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.
Memory Leak
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free
CVE-2023-48011
7.8 - High
- November 15, 2023
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.
Dangling pointer
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free
CVE-2023-48013
7.8 - High
- November 15, 2023
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.
Double-free
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow
CVE-2023-48014
7.8 - High
- November 15, 2023
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.
Memory Corruption
MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c
CVE-2023-47384
5.5 - Medium
- November 14, 2023
MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
Memory Leak
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master
CVE-2023-46001
5.5 - Medium
- November 07, 2023
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.
Classic Buffer Overflow