Gpac

gpac

374 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (374)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-32268 1Gpac 1Gpac Nov 21, 2024 Sep 20, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac before 1.0.1 allows attackers to execute arbitrary code. The fixed version is 1.0.1.
CVE-2021-33365 1Gpac 1Gpac Nov 21, 2024 Sep 13, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-33363 1Gpac 1Gpac Nov 21, 2024 Sep 13, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-33361 1Gpac 1Gpac Nov 21, 2024 Sep 13, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-32139 1Gpac 1Gpac Nov 21, 2024 Sep 13, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-32138 1Gpac 1Gpac Nov 21, 2024 Sep 13, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-33366 1Gpac 1Gpac Nov 21, 2024 Sep 13, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-33364 1Gpac 1Gpac Nov 21, 2024 Sep 13, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-33362 1Gpac 1Gpac Nov 21, 2024 Sep 13, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-32135 1Gpac 1Gpac Nov 21, 2024 Sep 13, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-32132 1Gpac 1Gpac Nov 21, 2024 Sep 13, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-32137 1Gpac 1Gpac Nov 21, 2024 Sep 13, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-32134 1Gpac 1Gpac Nov 21, 2024 Sep 13, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-32136 1Gpac 1Gpac Nov 21, 2024 Sep 13, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2020-19751 1Gpac 1Gpac Nov 21, 2024 Sep 7, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.
CVE-2020-19750 1Gpac 1Gpac Nov 21, 2024 Sep 7, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.
CVE-2021-21850 2Debian Gpac 2Debian Linux Gpac Nov 21, 2024 Aug 25, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when th...Show more An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.Show less
CVE-2021-21849 2Debian Gpac 2Debian Linux Gpac Nov 21, 2024 Aug 25, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when th...Show more An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.Show less
CVE-2021-21848 2Debian Gpac 2Debian Linux Gpac Nov 21, 2024 Aug 25, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” F...Show more An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.Show less
CVE-2021-21842 2Debian Gpac 2Debian Linux Gpac Nov 21, 2024 Aug 25, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when pr...Show more An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.Show less

Previous 1...131415...19 Next