RSS   Vulnerabilities for 'GPAC'   RSS

2023-12-07
 
CVE-2023-46871

CWE-401
 

 
GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service.

 
 
CVE-2023-48958

CWE-401
 

 
gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.

 
2023-12-09
 
CVE-2023-47465

CWE-noinfo
 

 
An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c.

 
 
CVE-2023-46932

CWE-787
 

 
Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.

 
2022-06-08
 
CVE-2021-40592

CWE-835
 

 
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.

 
2022-05-18
 
CVE-2022-1795

CWE-416
 

 
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.

 
 
CVE-2022-30976

CWE-125
 

 
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.

 
2022-05-05
 
CVE-2022-29339

CWE-617
 

 
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.

 
 
CVE-2022-29340

CWE-476
 

 
GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.

 
2022-04-08
 
CVE-2022-27145

CWE-787
 

 
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.

 


Copyright 2024, cxsecurity.com

 

Back to Top