Gpac

Products by Gpac Sorted by Most Security Vulnerabilities since 2018

Gpac: 325 vulnerabilities

Gpac Mp4box: 4 vulnerabilities

By the Year

In 2023 there have been 80 vulnerabilities in Gpac, with an average score of 6.8 out of ten. Last year Gpac had 98 security vulnerabilities published. Right now, Gpac is on track to have fewer security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.56.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2023 | 80 | 6.76 |
| 2022 | 98 | 6.20 |
| 2021 | 116 | 6.76 |
| 2020 | 9 | 5.98 |
| 2019 | 23 | 6.20 |
| 2018 | 3 | 9.13 |

It may take a day or so for new Gpac vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Gpac Security Vulnerabilities

CVE-2023-48090 7.1 - High - November 20, 2023

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.

Memory Leak

CVE-2023-48039 5.5 - Medium - November 20, 2023

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.

Memory Leak

CVE-2023-48014 7.8 - High - November 15, 2023

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.

Memory Corruption

CVE-2023-48011 7.8 - High - November 15, 2023

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.

Dangling pointer

CVE-2023-48013 7.8 - High - November 15, 2023

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.

Double-free

CVE-2023-47384 5.5 - Medium - November 14, 2023

MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Memory Leak

CVE-2023-46001 5.5 - Medium - November 07, 2023

Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.

Classic Buffer Overflow

CVE-2023-5998 7.5 - High - November 07, 2023

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.

CVE-2023-46927 5.5 - Medium - November 01, 2023

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.

Memory Corruption

CVE-2023-46928 5.5 - Medium - November 01, 2023

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.

CVE-2023-46930 5.5 - Medium - November 01, 2023

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.

CVE-2023-46931 5.5 - Medium - November 01, 2023

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.

Memory Corruption

CVE-2023-5595 5.5 - Medium - October 16, 2023

Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.

CVE-2023-5586 7.8 - High - October 15, 2023

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.

NULL Pointer Dereference

CVE-2023-42298 5.5 - Medium - October 12, 2023

An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c.

Integer Overflow or Wraparound

CVE-2023-5520 7.1 - High - October 11, 2023

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

Out-of-bounds Read

CVE-2023-5377 7.1 - High - October 04, 2023

Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.

Out-of-bounds Read

CVE-2023-41000 5.5 - Medium - September 11, 2023

GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.

Dangling pointer

CVE-2023-4778 5.5 - Medium - September 05, 2023

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

Out-of-bounds Read

CVE-2023-4758 5.5 - Medium - September 04, 2023

Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.

Out-of-bounds Read

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).