Gpac : Security Vulnerabilities, CVEs, (Code Execution)
Heap buffer overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.
Max CVSS
9.8
EPSS Score
0.12%
Published
2023-12-09
Updated
2023-12-12
An issue discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a null pointer dereference in the gf_dash_setup_period component in media_tools/dash_client.c.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-09
Updated
2024-03-11
A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which can cause a denial of service or execute arbitrary code via a crafted file.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-01-12
Updated
2023-05-27
A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-01-10
Updated
2023-05-27
Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
Max CVSS
7.8
EPSS Score
0.16%
Published
2021-09-13
Updated
2021-09-23
Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
Max CVSS
7.8
EPSS Score
0.07%
Published
2021-08-11
Updated
2021-08-16
Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac before 1.0.1 allows attackers to execute arbitrary code. The fixed version is 1.0.1.
Max CVSS
7.8
EPSS Score
0.16%
Published
2021-09-20
Updated
2021-10-07
Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
Max CVSS
5.5
EPSS Score
0.08%
Published
2021-09-13
Updated
2021-09-22
Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
Max CVSS
7.8
EPSS Score
0.08%
Published
2021-09-13
Updated
2021-09-22
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
Max CVSS
7.8
EPSS Score
0.08%
Published
2021-04-19
Updated
2021-04-21
Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related to invalid IV sizes.
Max CVSS
7.8
EPSS Score
0.10%
Published
2021-04-19
Updated
2021-04-22
NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.
Max CVSS
9.8
EPSS Score
0.57%
Published
2021-04-14
Updated
2021-04-21
12 vulnerabilities found