Vulnerabilities (CVE)

Filtered by vendor Gpac Subscribe
Total 290 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-40606 1 Gpac 1 Gpac 2023-05-27 4.3 MEDIUM 5.5 MEDIUM
The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVE-2021-41456 1 Gpac 1 Mp4box 2023-05-27 5.0 MEDIUM 7.5 HIGH
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.
CVE-2021-40608 1 Gpac 1 Gpac 2023-05-27 4.3 MEDIUM 5.5 MEDIUM
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVE-2021-40567 1 Gpac 1 Gpac 2023-05-27 4.3 MEDIUM 5.5 MEDIUM
Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service.
CVE-2021-40574 1 Gpac 1 Gpac 2023-05-27 6.8 MEDIUM 7.8 HIGH
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVE-2021-40570 1 Gpac 1 Gpac 2023-05-27 6.8 MEDIUM 7.8 HIGH
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVE-2021-40571 1 Gpac 1 Gpac 2023-05-27 6.8 MEDIUM 7.8 HIGH
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVE-2021-40575 1 Gpac 1 Gpac 2023-05-27 4.3 MEDIUM 5.5 MEDIUM
The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566.
CVE-2021-40568 1 Gpac 1 Gpac 2023-05-27 6.8 MEDIUM 7.8 HIGH
A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVE-2021-36412 1 Gpac 1 Gpac 2023-05-27 6.8 MEDIUM 7.8 HIGH
A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command,
CVE-2021-21852 1 Gpac 1 Gpac 2023-05-27 6.8 MEDIUM 8.8 HIGH
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-40566 1 Gpac 1 Gpac 2023-05-27 4.3 MEDIUM 5.5 MEDIUM
A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service.
CVE-2021-33361 1 Gpac 1 Gpac 2023-05-27 4.3 MEDIUM 5.5 MEDIUM
Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-36414 1 Gpac 1 Gpac 2023-05-27 6.8 MEDIUM 7.8 HIGH
A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-40562 1 Gpac 1 Gpac 2023-05-27 4.3 MEDIUM 5.5 MEDIUM
A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service.
CVE-2021-33366 1 Gpac 1 Gpac 2023-05-27 4.3 MEDIUM 5.5 MEDIUM
Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-40563 1 Gpac 1 Gpac 2023-05-27 4.3 MEDIUM 5.5 MEDIUM
A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service.
CVE-2021-40564 1 Gpac 1 Gpac 2023-05-27 4.3 MEDIUM 5.5 MEDIUM
A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service.
CVE-2021-33364 1 Gpac 1 Gpac 2023-05-27 4.3 MEDIUM 5.5 MEDIUM
Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-45262 1 Gpac 1 Gpac 2023-05-27 4.3 MEDIUM 5.5 MEDIUM
An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash.