Gpac
By the Year
In 2023 there have been 80 vulnerabilities in Gpac with an average score of 6.8 out of ten. Last year Gpac had 97 security vulnerabilities published. Right now, Gpac is on track to have less security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.56.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 80 | 6.76 |
| 2022 | 97 | 6.20 |
| 2021 | 113 | 6.74 |
| 2020 | 9 | 5.98 |
| 2019 | 23 | 6.20 |
| 2018 | 3 | 9.13 |
It may take a day or so for new Gpac vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Gpac Security Vulnerabilities
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.
CVE-2023-48039
5.5 - Medium
- November 20, 2023
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.
Memory Leak
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.
CVE-2023-48090
7.1 - High
- November 20, 2023
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.
Memory Leak
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free
CVE-2023-48011
7.8 - High
- November 15, 2023
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.
Dangling pointer
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free
CVE-2023-48013
7.8 - High
- November 15, 2023
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.
Double-free
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow
CVE-2023-48014
7.8 - High
- November 15, 2023
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.
Memory Corruption
MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c
CVE-2023-47384
5.5 - Medium
- November 14, 2023
MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
Memory Leak
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master
CVE-2023-46001
5.5 - Medium
- November 07, 2023
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.
Classic Buffer Overflow
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-5998
7.5 - High
- November 07, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.
CVE-2023-46927
5.5 - Medium
- November 01, 2023
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.
Memory Corruption
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.
CVE-2023-46928
5.5 - Medium
- November 01, 2023
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.
CVE-2023-46930
5.5 - Medium
- November 01, 2023
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.
CVE-2023-46931
5.5 - Medium
- November 01, 2023
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.
Memory Corruption
Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-5595
5.5 - Medium
- October 16, 2023
Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-5586
7.8 - High
- October 15, 2023
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.
NULL Pointer Dereference
An issue in GPAC GPAC v.2.2.1 and before
CVE-2023-42298
5.5 - Medium
- October 12, 2023
An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c.
Integer Overflow or Wraparound
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-5520
7.1 - High
- October 11, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
Out-of-bounds Read
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.
CVE-2023-5377
7.1 - High
- October 04, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.
Out-of-bounds Read
GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.
CVE-2023-41000
5.5 - Medium
- September 11, 2023
GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.
Dangling pointer
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4778
5.5 - Medium
- September 05, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
Out-of-bounds Read
Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4758
5.5 - Medium
- September 04, 2023
Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.
Out-of-bounds Read
Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4755
5.5 - Medium
- September 04, 2023
Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.
Dangling pointer
Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4754
5.5 - Medium
- September 04, 2023
Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.
Memory Corruption
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4756
5.5 - Medium
- September 04, 2023
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
Memory Corruption
Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4720
5.5 - Medium
- September 01, 2023
Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.
Floating Point Comparison with Incorrect Operator
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4721
5.5 - Medium
- September 01, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
Out-of-bounds Read
Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4722
5.5 - Medium
- September 01, 2023
Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV.
Integer Overflow or Wraparound
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4683
5.5 - Medium
- August 31, 2023
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
NULL Pointer Dereference
Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4678
5.5 - Medium
- August 31, 2023
Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.
Divide By Zero
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4681
5.5 - Medium
- August 31, 2023
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
NULL Pointer Dereference
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4682
5.5 - Medium
- August 31, 2023
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
Heap-based Buffer Overflow
GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c
CVE-2023-39562
5.5 - Medium
- August 28, 2023
GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
Dangling pointer
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.
CVE-2023-37174
5.5 - Medium
- July 11, 2023
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.
CVE-2023-37765
5.5 - Medium
- July 11, 2023
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.
CVE-2023-37766
5.5 - Medium
- July 11, 2023
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.
CVE-2023-37767
5.5 - Medium
- July 11, 2023
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-3523
7.1 - High
- July 06, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
Out-of-bounds Read
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-3291
3.3 - Low
- June 16, 2023
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
Heap-based Buffer Overflow
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-3012
7.8 - High
- May 31, 2023
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
NULL Pointer Dereference
Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-3013
7.1 - High
- May 31, 2023
Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.
Unchecked Return Value
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-2837
5.5 - Medium
- May 22, 2023
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
Stack Overflow
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-2838
9.1 - Critical
- May 22, 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
Out-of-bounds Read
Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-2839
7.5 - High
- May 22, 2023
Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.
Divide By Zero
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-2840
9.8 - Critical
- May 22, 2023
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
NULL Pointer Dereference
Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.
CVE-2023-1654
7.8 - High
- March 27, 2023
Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.
Resource Exhaustion
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.
CVE-2023-1655
7.8 - High
- March 27, 2023
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.
Heap-based Buffer Overflow
A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master
CVE-2023-1448
7.8 - High
- March 17, 2023
A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223293 was assigned to this vulnerability.
Heap-based Buffer Overflow
A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic
CVE-2023-1449
7.8 - High
- March 17, 2023
A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223294 is the identifier assigned to this vulnerability.
Double-free
A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master
CVE-2023-1452
7.8 - High
- March 17, 2023
A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223297 was assigned to this vulnerability.
Classic Buffer Overflow
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-0866
7.8 - High
- February 16, 2023
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV.
Heap-based Buffer Overflow
A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded
CVE-2023-0841
8.8 - High
- February 15, 2023
A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.
Memory Corruption
Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.
CVE-2023-0817
7.8 - High
- February 13, 2023
Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.
Out-of-bounds Read
Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.
CVE-2023-0818
5.5 - Medium
- February 13, 2023
Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.
off-by-five
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV.
CVE-2023-0819
7.8 - High
- February 13, 2023
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV.
Heap-based Buffer Overflow
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.
CVE-2023-0770
7.8 - High
- February 09, 2023
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.
Stack Overflow
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.
CVE-2023-0760
7.8 - High
- February 09, 2023
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.
Heap-based Buffer Overflow
Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c
CVE-2023-23143
7.8 - High
- January 20, 2023
Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master.
Classic Buffer Overflow
Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.
CVE-2023-23144
5.5 - Medium
- January 20, 2023
Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.
Integer Overflow or Wraparound
GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.
CVE-2023-23145
7.8 - High
- January 20, 2023
GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.
Memory Leak
Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-0358
7.8 - High
- January 18, 2023
Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.
Dangling pointer
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in isomedia/isom_write.c
CVE-2022-47660
7.8 - High
- January 05, 2023
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in isomedia/isom_write.c
Integer Overflow or Wraparound
GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data
CVE-2022-47659
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data
Memory Corruption
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261
CVE-2022-47654
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261
Classic Buffer Overflow
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow
CVE-2022-47661
7.8 - High
- January 05, 2023
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes
Memory Corruption
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662
CVE-2022-47662
5.5 - Medium
- January 05, 2023
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662
Stack Exhaustion
GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609
CVE-2022-47663
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609
Classic Buffer Overflow
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039
CVE-2022-47658
7.8 - High
- January 05, 2023
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039
Classic Buffer Overflow
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662
CVE-2022-47657
7.8 - High
- January 05, 2023
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662
Classic Buffer Overflow
GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273
CVE-2022-47656
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273
Classic Buffer Overflow
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113
CVE-2022-47653
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113
Classic Buffer Overflow
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference
CVE-2022-47094
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid
NULL Pointer Dereference
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c
CVE-2022-47095
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c
Classic Buffer Overflow
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free
CVE-2022-47093
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid
Dangling pointer
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c
CVE-2022-47091
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c
Classic Buffer Overflow
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow
CVE-2022-47089
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c
Classic Buffer Overflow
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.
CVE-2022-47088
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.
Classic Buffer Overflow
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c
CVE-2022-47087
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c
Classic Buffer Overflow
GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation
CVE-2022-47086
5.5 - Medium
- January 05, 2023
GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak
CVE-2022-46490
5.5 - Medium
- January 05, 2023
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.
Memory Leak
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow vulnerability in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316
CVE-2022-47092
7.1 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow vulnerability in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316
Integer Overflow or Wraparound
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak
CVE-2022-46489
5.5 - Medium
- January 05, 2023
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.
Memory Leak
GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c.
CVE-2022-45283
7.8 - High
- December 06, 2022
GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c.
Memory Corruption
GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free
CVE-2022-45343
7.8 - High
- November 29, 2022
GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.
Dangling pointer
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master
CVE-2022-4202
8.8 - High
- November 29, 2022
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this vulnerability.
Numeric Errors
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow
CVE-2022-45202
7.8 - High
- November 29, 2022
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.
Memory Corruption
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak
CVE-2022-45204
5.5 - Medium
- November 29, 2022
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.
Memory Leak
A vulnerability classified as problematic was found in GPAC
CVE-2022-3957
6.5 - Medium
- November 11, 2022
A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.
Improper Resource Shutdown or Release
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak
CVE-2022-43254
5.5 - Medium
- November 02, 2022
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c.
Memory Leak
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak
CVE-2022-43255
5.5 - Medium
- November 02, 2022
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.
Memory Leak
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation
CVE-2022-43044
5.5 - Medium
- October 19, 2022
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation
CVE-2022-43045
5.5 - Medium
- October 19, 2022
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation
CVE-2022-43043
5.5 - Medium
- October 19, 2022
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow
CVE-2022-43040
7.8 - High
- October 19, 2022
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.
Memory Corruption
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow
CVE-2022-43042
7.8 - High
- October 19, 2022
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.
Memory Corruption
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation
CVE-2022-43039
5.5 - Medium
- October 19, 2022
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVE-2022-3222
5.5 - Medium
- September 15, 2022
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.
Stack Exhaustion
Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVE-2022-3178
7.8 - High
- September 12, 2022
Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.
Out-of-bounds Read
GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD.
CVE-2022-38530
7.8 - High
- September 06, 2022
GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD.
Memory Corruption
A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box
CVE-2022-36191
5.5 - Medium
- August 17, 2022
A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242.
Memory Corruption
A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master
CVE-2022-36186
7.5 - High
- August 17, 2022
A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250,which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1.
NULL Pointer Dereference
GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get
CVE-2022-36190
9.8 - Critical
- August 17, 2022
GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.
Dangling pointer
