Gpac
Products by Gpac Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2023 there have been 80 vulnerabilities in Gpac with an average score of 6.8 out of ten. Last year Gpac had 98 security vulnerabilities published. Right now, Gpac is on track to have fewer security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.56.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 80 | 6.76 |
| 2022 | 98 | 6.20 |
| 2021 | 116 | 6.76 |
| 2020 | 9 | 5.98 |
| 2019 | 23 | 6.20 |
| 2018 | 3 | 9.13 |
It may take a day or so for new Gpac vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Gpac Security Vulnerabilities
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.
CVE-2023-48090
7.1 - High
- November 20, 2023
Memory Leak
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.
CVE-2023-48039
5.5 - Medium
- November 20, 2023
Memory Leak
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow
CVE-2023-48014
7.8 - High
- November 15, 2023
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.
Memory Corruption
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free
CVE-2023-48011
7.8 - High
- November 15, 2023
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.
Dangling pointer
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free
CVE-2023-48013
7.8 - High
- November 15, 2023
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.
Double-free
MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c
CVE-2023-47384
5.5 - Medium
- November 14, 2023
MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
Memory Leak
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master
CVE-2023-46001
5.5 - Medium
- November 07, 2023
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.
Classic Buffer Overflow
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-5998
7.5 - High
- November 07, 2023
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.
CVE-2023-46927
5.5 - Medium
- November 01, 2023
Memory Corruption
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.
CVE-2023-46928
5.5 - Medium
- November 01, 2023
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.
CVE-2023-46930
5.5 - Medium
- November 01, 2023
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.
CVE-2023-46931
5.5 - Medium
- November 01, 2023
Memory Corruption
Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-5595
5.5 - Medium
- October 16, 2023
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-5586
7.8 - High
- October 15, 2023
NULL Pointer Dereference
An issue in GPAC GPAC v.2.2.1 and before
CVE-2023-42298
5.5 - Medium
- October 12, 2023
An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c.
Integer Overflow or Wraparound
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-5520
7.1 - High
- October 11, 2023
Out-of-bounds Read
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.
CVE-2023-5377
7.1 - High
- October 04, 2023
Out-of-bounds Read
GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.
CVE-2023-41000
5.5 - Medium
- September 11, 2023
Dangling pointer
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4778
5.5 - Medium
- September 05, 2023
Out-of-bounds Read