CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24266
https://notcve.org/view.php?id=CVE-2024-24266
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c. Se descubrió que gpac v2.2.1 contenía una vulnerabilidad Use-After-Free (UAF) a través de la función dasher_configure_pid en /src/filters/dasher.c. • https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24267
https://notcve.org/view.php?id=CVE-2024-24267
gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function. Se descubrió que gpac v2.2.1 contenía una pérdida de memoria a través de la variable gfio_blob en la función gf_fileio_from_blob. • https://github.com/gpac/gpac/commit/d28d9ba45cf4f628a7b2c351849a895e6fcf2234 https://github.com/gpac/gpac/issues/2571 https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24265
https://notcve.org/view.php?id=CVE-2024-24265
gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function. Se descubrió que gpac v2.2.1 contenía una pérdida de memoria a través de la variable dst_props en la función gf_filter_pid_merge_properties_internal. • https://github.com/yinluming13579/gpac_defects/blob/main/gpac_1.md • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22749
https://notcve.org/view.php?id=CVE-2024-22749
GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577 Se detectó que GPAC v2.3 contenía un desbordamiento de búfer a través de la función gf_isom_new_generic_sample_description en isomedia/isom_write.c:4577 • https://github.com/gpac/gpac/issues/2713 https://github.com/hanxuer/crashes/blob/main/gapc/01/readme.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50120
https://notcve.org/view.php?id=CVE-2023-50120
MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. Se descubrió que MP4Box GPAC versión 2.3-DEV-rev636-gfbd7e13aa-master contiene un bucle infinito en la función av1_uvlc en media_tools/av_parsers.c. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a través de un archivo MP4 manipulado. • https://github.com/gpac/gpac/issues/2698 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •