CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-57184
https://notcve.org/view.php?id=CVE-2024-57184
24 Jan 2025 — An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file. • https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4679 – Use After Free in gpac/gpac
https://notcve.org/view.php?id=CVE-2023-4679
15 Nov 2024 — A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash. Existe una vulnerabilidad de use after free en la versión 2.3-DEV-revrelease de GPAC, específicamente en la función gf_filterpacket_del en filter_core/filter.c en la línea 38. Esta vulnerabilidad puede generar una condición de doble liberación, que puede ... • https://github.com/gpac/gpac/commit/b68b3f0bf5c366e003221d78fd663a1d5514a876 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6064 – GPAC MP4Box loader_xmt.c xmt_node_end use after free
https://notcve.org/view.php?id=CVE-2024-6064
17 Jun 2024 — A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local access is required to approach this attack. • https://github.com/gpac/gpac/commit/c1b9c794bad8f262c56f3cf690567980d96662f5 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6063 – GPAC MP4Box dmx_m2ts.c m2tsdmx_on_event null pointer dereference
https://notcve.org/view.php?id=CVE-2024-6063
17 Jun 2024 — A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally. • https://github.com/gpac/gpac/commit/8767ed0a77c4b02287db3723e92c2169f67c85d5 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6062 – GPAC MP4Box load_text.c swf_svg_add_iso_sample null pointer dereference
https://notcve.org/view.php?id=CVE-2024-6062
17 Jun 2024 — A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/gpac/gpac/commit/31e499d310a48bd17c8b055a0bfe0fe35887a7cd • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6061 – GPAC MP4Box isoffin_read.c isoffin_process infinite loop
https://notcve.org/view.php?id=CVE-2024-6061
17 Jun 2024 — A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. • https://github.com/gpac/gpac/commit/20c0f29139a82779b86453ce7f68d0681ec7624c • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28318
https://notcve.org/view.php?id=CVE-2024-28318
15 Mar 2024 — gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325 Se descubrió que gpac 2.3-DEV-rev921-g422b78ecf-master contiene una vulnerabilidad de escritura fuera de los límites a través de swf_get_string en scene_manager/swf_parse.c:325 • https://github.com/gpac/gpac/issues/2764 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28319
https://notcve.org/view.php?id=CVE-2024-28319
15 Mar 2024 — gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374 Se descubrió que gpac 2.3-DEV-rev921-g422b78ecf-master contiene una vulnerabilidad de lectura fuera de los límites a través de gf_dash_setup_period media_tools/dash_client.c:6374 • https://github.com/gpac/gpac/issues/2763 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-46426
https://notcve.org/view.php?id=CVE-2023-46426
09 Mar 2024 — Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via gf_fwrite component in at utils/os_file.c. Vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en gpac versión 2.3-DEV-rev588-g7edc40fee-master, permite a atacantes remotos ejecutar código arbitrario y provocar una denegación de servicio (DoS) a través del componente gf_fwrite en utils/os_file.c. • https://github.com/gpac/gpac/issues/2642 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46427
https://notcve.org/view.php?id=CVE-2023-46427
09 Mar 2024 — An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer deference in gf_dash_setup_period component in media_tools/dash_client.c. Se descubrió un problema en gpac versión 2.3-DEV-rev588-g7edc40fee-master, que permite a atacantes remotos ejecutar código arbitrario, provocar una denegación de servicio (DoS) y obtener información confidencial a través de la def... • https://github.com/gpac/gpac/issues/2641 • CWE-476: NULL Pointer Dereference •