CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37766
https://notcve.org/view.php?id=CVE-2023-37766
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so. • https://github.com/gpac/gpac/issues/2516 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37767
https://notcve.org/view.php?id=CVE-2023-37767
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so. • https://github.com/gpac/gpac/issues/2514 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1655 – Heap-based Buffer Overflow in gpac/gpac
https://notcve.org/view.php?id=CVE-2023-1655
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0. • https://github.com/gpac/gpac/commit/e7f96c2d3774e4ea25f952bcdf55af1dd6e919f4 https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-1452 – GPAC load_text.c buffer overflow
https://notcve.org/view.php?id=CVE-2023-1452
A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. • https://github.com/gpac/gpac/issues/2386 https://github.com/xxy1126/Vuln/blob/main/gpac/1.mp4 https://vuldb.com/?ctiid.223297 https://vuldb.com/?id.223297 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-1449 – GPAC av_parsers.c gf_av1_reset_state double free
https://notcve.org/view.php?id=CVE-2023-1449
A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. • https://github.com/gpac/gpac/issues/2387 https://github.com/xxy1126/Vuln/blob/main/gpac/2 https://vuldb.com/?ctiid.223294 https://vuldb.com/?id.223294 • CWE-415: Double Free •