CPE Details
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:gpac:gpac:0.5.2:1.1.0-dev-rev1663-g881c6a94a-master:*:*:*:*:*:*
Informations
Vendor
gpacProduct
gpacVersion
0.5.2Update
1.1.0-dev-rev1663-g881c6a94a-masterRelated CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. | 9.1 |
Critical |
||
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. | 9.8 |
Critical |
||
| An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c. | 5.5 |
Medium |
||
| GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service. | 5.3 |
Medium |
||
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV. | 7.5 |
High |
||
| Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV. | 5.5 |
Medium |
||
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV. | 7.8 |
High |
||
| An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c. | 5.5 |
Medium |
||
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | 7.1 |
High |
||
| Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV. | 7.1 |
High |
||
| GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c. | 5.5 |
Medium |
||
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 |
Medium |
||
| Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 |
Medium |
||
| Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 |
Medium |
||
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 |
Medium |
||
| Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 |
Medium |
||
| Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 |
Medium |
||
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 |
Medium |
||
| Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 |
Medium |
||
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 |
Medium |
||
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 |
Medium |
||
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 |
Medium |
||
| Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 |
Medium |
||
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | 7.1 |
High |
||
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. | 3.3 |
Low |
||
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. | 7.8 |
High |
||
| Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2. | 7.1 |
High |
||
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. | 5.5 |
Medium |
||
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | 9.1 |
Critical |
||
| Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2. | 7.5 |
High |
||
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. | 9.8 |
Critical |
||
| Denial of Service in GitHub repository gpac/gpac prior to 2.4.0. | 7.8 |
High |
||
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0. | 7.8 |
High |
||
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV. | 7.8 |
High |
||
| Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV. | 7.8 |
High |
||
| Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV. | 5.5 |
Medium |
||
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV. | 7.8 |
High |
||
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV. | 7.8 |
High |
||
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. | 7.8 |
High |
||
| Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV. | 7.8 |
High |
||
| GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c. | 5.5 |
Medium |
||
| GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c. | 5.5 |
Medium |
||
| GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c | 5.5 |
Medium |
||
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c | 7.8 |
High |
||
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow. | 7.8 |
High |
||
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c | 7.8 |
High |
||
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c | 7.8 |
High |
||
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow vulnerability in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316 | 7.1 |
High |
||
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid | 7.8 |
High |
||
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid | 7.8 |
High |
||
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c | 7.8 |
High |
||
| GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113 | 7.8 |
High |
||
| GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261 | 7.8 |
High |
||
| GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273 | 7.8 |
High |
||
| GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662 | 7.8 |
High |
||
| GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039 | 7.8 |
High |
||
| GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data | 7.8 |
High |
||
| GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in isomedia/isom_write.c | 7.8 |
High |
||
| GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes | 7.8 |
High |
||
| GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662 | 5.5 |
Medium |
||
| GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609 | 7.8 |
High |
||
| GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c. | 7.8 |
High |
||
| GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c. | 5.5 |
Medium |
||
| GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c. | 7.8 |
High |
||
| A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463. | 6.5 |
Medium |
||
| GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c. | 5.5 |
Medium |
||
| GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c. | 5.5 |
Medium |
||
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c. | 5.5 |
Medium |
||
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c. | 7.8 |
High |
||
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c. | 7.8 |
High |
||
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c. | 5.5 |
Medium |
||
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c. | 5.5 |
Medium |
||
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c. | 5.5 |
Medium |
||
| Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. | 5.5 |
Medium |
||
| Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. | 7.8 |
High |
||
| GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD. | 7.8 |
High |
||
| GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242. | 9.8 |
Critical |
||
| A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242. | 5.5 |
Medium |
||
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV. | 5.5 |
Medium |
||
| Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV. | 7.8 |
High |
||
| Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV. | 7.8 |
High |
||
| The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 5.5 |
Medium |
||
| The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 5.5 |
Medium |
||
| The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 5.5 |
Medium |
||
| The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 5.5 |
Medium |
||
| GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file. | 5.5 |
Medium |
||
| Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. | 9.8 |
Critical |
||
| GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad. | 7.5 |
High |
||
| In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2. | 7.5 |
High |
||
| GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. | 5.5 |
Medium |
||
| GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. | 5.5 |
Medium |
||
| GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box. | 5.5 |
Medium |
||
| GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag. | 5.5 |
Medium |
||
| Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. | 5.5 |
Medium |
||
| Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV. | 5 |
Medium |
||
| Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV. | 5.5 |
Medium |
||
| A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871. | 5.5 |
Medium |
||
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. | 5.5 |
Medium |
||
| Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service. | 5.5 |
Medium |
||
| A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | 7.8 |
High |
||
| The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service. | 5.5 |
Medium |
||
| A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service. | 5.5 |
Medium |
||
| A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service. | 5.5 |
Medium |
||
| A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service. | 5.5 |
Medium |
||
| A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service. | 5.5 |
Medium |
||
| A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service. | 5.5 |
Medium |
||
| A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service. | 5.5 |
Medium |
||
| Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac before 1.0.1 allows attackers to execute arbitrary code. The fixed version is 1.0.1. | 7.8 |
High |
||
| An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_dump.c. It allows an attacker to cause code Execution. | 7.8 |
High |
||
| An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service. | 5.5 |
Medium |
||
| An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service. | 5.5 |
Medium |
||
| An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | 5.5 |
Medium |
||
| An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service. | 5.5 |
Medium |
||
| An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | 7.1 |
High |
||
| An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service. | 5.5 |
Medium |
||
| An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | 7.1 |
High |
||
| NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file. | 9.8 |
Critical |
||
| An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | 5.5 |
Medium |
||
| An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | 5.5 |
Medium |
||
| An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file. | 5.5 |
Medium |
||
| An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file. | 5.5 |
Medium |
||
| An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file. | 5.5 |
Medium |
||
| dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow. | 5.5 |
Medium |
||
| An issue was discovered in GPAC version 0.5.2 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c. | 5.5 |
Medium |
||
| In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c. | 7.5 |
High |
||
| In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled. | 7.8 |
High |
||
| GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100. | 7.8 |
High |
2025©
tesweb SA
