CVE-2022-47095
https://notcve.org/view.php?id=CVE-2022-47095
GPAC MP4Box 2.1-DEV-rev574-g9d5bb184b is vulnerable to a buffer overflow in the hevc_parse_vps_extension function of media_tools/av_parsers.c. • https://github.com/gpac/gpac/issues/2346 https://www.debian.org/security/2023/dsa-5411 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-45202
https://notcve.org/view.php?id=CVE-2022-45202
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c. • https://github.com/gpac/gpac/issues/2296 https://www.debian.org/security/2023/dsa-5411 • CWE-787: Out-of-bounds Write •
CVE-2022-45204
https://notcve.org/view.php?id=CVE-2022-45204
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c. • https://github.com/gpac/gpac/issues/2307 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2022-45343
https://notcve.org/view.php?id=CVE-2022-45343
GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c. • https://github.com/gpac/gpac/issues/2315 https://www.debian.org/security/2023/dsa-5411 • CWE-416: Use After Free •
CVE-2022-3957 – GPAC SVG Parser svg_attributes.c svg_parse_preserveaspectratio memory leak
https://notcve.org/view.php?id=CVE-2022-3957
A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to a memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. • https://github.com/gpac/gpac/commit/2191e66aa7df750e8ef01781b1930bea87b713bb https://vuldb.com/?id.213463 https://www.debian.org/security/2023/dsa-5411 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •