CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-1448 – GPAC mpegts.c gf_m2ts_process_sdt heap-based overflow
https://notcve.org/view.php?id=CVE-2023-1448
17 Mar 2023 — A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://github.com/gpac/gpac/issues/2388 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0841 – GPAC reframe_mp3.c mp3_dmx_process heap-based overflow
https://notcve.org/view.php?id=CVE-2023-0841
15 Feb 2023 — A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/advisories/GHSA-w52x-cp47-xhhw • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0818 – Off-by-one Error in gpac/gpac
https://notcve.org/view.php?id=CVE-2023-0818
13 Feb 2023 — Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV. Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code. • https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff • CWE-193: Off-by-one Error •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0817 – Buffer Over-read in gpac/gpac
https://notcve.org/view.php?id=CVE-2023-0817
13 Feb 2023 — Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV. • https://github.com/gpac/gpac/commit/be9f8d395bbd196e3812e9cd80708f06bcc206f7 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0819 – Heap-based Buffer Overflow in gpac/gpac
https://notcve.org/view.php?id=CVE-2023-0819
13 Feb 2023 — Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV. Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code. • https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-23143 – Debian Security Advisory 5411-1
https://notcve.org/view.php?id=CVE-2023-23143
20 Jan 2023 — Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master. Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code. • https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29340 – Gentoo Linux Security Advisory 202408-21
https://notcve.org/view.php?id=CVE-2022-29340
05 May 2022 — GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad. GPAC versión 2.1-DEV-rev87-g053aae8-master. presenta una vulnerabilidad de Desreferencia de Puntero Null en gf_isom_parse_movie_boxes_internal debido a un manejo inapropiado del valor de retorno de GF_SKIP_BOX, que causa una Denegación de Servicio. Esta vul... • https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29339 – Gentoo Linux Security Advisory 202408-21
https://notcve.org/view.php?id=CVE-2022-29339
05 May 2022 — In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2. En GPAC versión 2.1-DEV-rev87-g053aae8-master, la función BS_ReadByte() en el archivo utils/bitstream.c presenta una aserción fallida, que causa una Denegación de Servicio. Esta vulnerabilidad fue corregida en el commit 9ea93a2 Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitra... • https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f • CWE-617: Reachable Assertion •