Gpac

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.

CVE-2023-48090 7.1 - High - November 20, 2023

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.

Memory Leak

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.

CVE-2023-48039 5.5 - Medium - November 20, 2023

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.

Memory Leak

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow

CVE-2023-48014 7.8 - High - November 15, 2023

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.

Memory Corruption

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free

CVE-2023-48011 7.8 - High - November 15, 2023

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.

Dangling pointer

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free

CVE-2023-48013 7.8 - High - November 15, 2023

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.

Double-free

MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c

CVE-2023-47384 5.5 - Medium - November 14, 2023

MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Memory Leak

Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master

CVE-2023-46001 5.5 - Medium - November 07, 2023

Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.

Classic Buffer Overflow

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.

CVE-2023-5998 7.5 - High - November 07, 2023

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.

CVE-2023-46927 5.5 - Medium - November 01, 2023

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.

Memory Corruption

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.

CVE-2023-46928 5.5 - Medium - November 01, 2023

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.

CVE-2023-46930 5.5 - Medium - November 01, 2023

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.

CVE-2023-46931 5.5 - Medium - November 01, 2023

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.

Memory Corruption

Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.

CVE-2023-5595 5.5 - Medium - October 16, 2023

Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.

CVE-2023-5586 7.8 - High - October 15, 2023

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.

NULL Pointer Dereference

An issue in GPAC GPAC v.2.2.1 and before

CVE-2023-42298 5.5 - Medium - October 12, 2023

An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c.

Integer Overflow or Wraparound

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-5520 7.1 - High - October 11, 2023

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

Out-of-bounds Read

Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.

CVE-2023-5377 7.1 - High - October 04, 2023

Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.

Out-of-bounds Read

GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.

CVE-2023-41000 5.5 - Medium - September 11, 2023

GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.

Dangling pointer

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2023-4778 5.5 - Medium - September 05, 2023

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

Out-of-bounds Read

Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2023-4758 5.5 - Medium - September 04, 2023

Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.

Out-of-bounds Read