Latest gpac gpac Vulnerabilities

CVE-2024-24267
gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
GPAC GPAC=2.2.1
CVE-2024-24266
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.
GPAC GPAC=2.2.1
CVE-2024-24265
gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.
GPAC GPAC=2.2.1
CVE-2024-22749
GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577
GPAC GPAC=2.3
CVE-2023-50120
MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Den...
GPAC GPAC=2.3-dev
CVE-2024-0322
Out-of-bounds Read in gpac/gpac
GPAC GPAC<2.3.0
GPAC GPAC=2.3.0-dev
CVE-2024-0321
Stack-based Buffer Overflow in gpac/gpac
GPAC GPAC<2.3.0-dev
CVE-2023-46929
An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.
GPAC GPAC=2.3-dev-rev605-gfc9e29089-master
CVE-2023-47465
An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c.
GPAC GPAC<=2.2.1
CVE-2023-46871
GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service.
GPAC GPAC<=2.3-dev-rev602-ged8424300-master
CVE-2023-48958
gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
GPAC GPAC=2.3-dev-rev617-g671976fcc-master
CVE-2023-48090
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.
GPAC GPAC=2.3-dev-rev617-g671976fcc-master
CVE-2023-48039
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.
GPAC GPAC=2.3-dev-rev617-g671976fcc-master
CVE-2023-48011
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.
GPAC GPAC=2.3-dev-rev566-g50c2ab06f-master
CVE-2023-48014
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.
GPAC GPAC=2.3-dev-rev566-g50c2ab06f-master
CVE-2023-48013
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.
GPAC GPAC=2.3-dev-rev566-g50c2ab06f-master
CVE-2023-5998
Out-of-bounds Read in gpac/gpac
GPAC GPAC<2.3.0
CVE-2023-46001
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_g...
GPAC GPAC=2.3-dev-rev573-g201320819-master
CVE-2023-46931
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.
GPAC GPAC=2.3-dev-rev605-gfc9e29089-master
CVE-2023-46930
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.
GPAC GPAC=2.3-dev-rev605-gfc9e29089-master
CVE-2023-46928
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.
GPAC GPAC=2.3-dev-rev605-gfc9e29089-master
CVE-2023-46927
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.
GPAC GPAC=2.3-dev-rev605-gfc9e29089-master
CVE-2023-5595
Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.
GPAC GPAC<2.3.0
CVE-2023-5586
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.
GPAC GPAC<2.3.0
CVE-2023-42298
An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c.
GPAC GPAC<=2.2.1
CVE-2023-5520
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
GPAC GPAC<2.2.2
CVE-2023-5377
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.
GPAC GPAC<=2.2.1
CVE-2023-41000
GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.
GPAC GPAC<=2.2.1
CVE-2023-4778
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
GPAC GPAC<2.3-dev
CVE-2023-4758
Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.
GPAC GPAC<2.3
CVE-2023-4755
Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.
GPAC GPAC<2.3
CVE-2023-4754
Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.
GPAC GPAC<2.3
CVE-2023-4756
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
GPAC GPAC<2.3
CVE-2023-4721
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
GPAC GPAC<2.3-dev
CVE-2023-4722
Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV.
GPAC GPAC<2.3-dev
CVE-2023-4720
Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.
GPAC GPAC<2.3-dev
CVE-2023-4683
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
GPAC GPAC<2.3-dev
CVE-2023-4681
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
GPAC GPAC<2.3
CVE-2023-4682
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
GPAC GPAC<2.3
CVE-2023-4678
Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.
GPAC GPAC<2.3
CVE-2023-39562
GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (Do...
GPAC GPAC=2.3-2.3-dev-rev449-g5948e4f70-master
CVE-2023-37766
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.
GPAC GPAC=2.3-dev-rev381-g817a848f6-master
CVE-2023-37767
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.
GPAC GPAC=2.3-dev-rev381-g817a848f6-master
CVE-2023-37765
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.
GPAC GPAC=2.3-dev-rev381-g817a848f6-master
CVE-2023-37174
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.
GPAC GPAC=2.3-dev-rev381-g817a848f6-master
CVE-2023-3523
GPAC GPAC<=2.2.1
CVE-2023-3012
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
debian/gpac<=0.5.2-426-gc5ad4e4+dfsg5-5<=2.2.1+dfsg1-3
GPAC GPAC<2.2.2
CVE-2023-3013
Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.
GPAC GPAC<2.2.2
CVE-2023-2837
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
debian/gpac<=0.5.2-426-gc5ad4e4+dfsg5-5<=2.2.1+dfsg1-3
GPAC GPAC<2.2.2
CVE-2023-2838
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
debian/gpac<=0.5.2-426-gc5ad4e4+dfsg5-5<=2.2.1+dfsg1-3
GPAC GPAC<2.2.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203