CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22749
https://notcve.org/view.php?id=CVE-2024-22749
25 Jan 2024 — GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577 Se detectó que GPAC v2.3 contenía un desbordamiento de búfer a través de la función gf_isom_new_generic_sample_description en isomedia/isom_write.c:4577 • https://github.com/gpac/gpac/issues/2713 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50120
https://notcve.org/view.php?id=CVE-2023-50120
10 Jan 2024 — MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. Se descubrió que MP4Box GPAC versión 2.3-DEV-rev636-gfbd7e13aa-master contiene un bucle infinito en la función av1_uvlc en media_tools/av_parsers.c. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a través de un archivo MP4 manip... • https://github.com/gpac/gpac/issues/2698 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0322 – Out-of-bounds Read in gpac/gpac
https://notcve.org/view.php?id=CVE-2024-0322
08 Jan 2024 — Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. Fuera de los límites Read en el repositorio de GitHub gpac/gpac anterior a 2.3-DEV. • https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0321 – Stack-based Buffer Overflow in gpac/gpac
https://notcve.org/view.php?id=CVE-2024-0321
08 Jan 2024 — Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. desbordamiento de búfer en la región stack de la memoria en el repositorio de GitHub gpac/gpac anterior a 2.3-DEV. It was discovered that the GPAC MP4Box utility incorrectly handled certain AC3 files, which could lead to an out-of-bounds read. A remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that the G... • https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46929
https://notcve.org/view.php?id=CVE-2023-46929
03 Jan 2024 — An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application. Un problema descubierto en GPAC 2.3-DEV-rev605-gfc9e29089-master en MP4Box en gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 permite a los atacantes bloquear la aplicación. • https://github.com/gpac/gpac/commit/4248def5d24325aeb0e35cacde3d56c9411816a6 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46932
https://notcve.org/view.php?id=CVE-2023-46932
09 Dec 2023 — Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box. Vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en GPAC versión 2.3-DEV-rev617-g671976fcc-master, permite a atacantes ejecutar código arbitrario y provocar una denegación de servicio (DoS) a través de la clase str2ulong en src/media_tools/avilib.c en gpac/MP4Box. • https://github.com/gpac/gpac/issues/2669 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48958
https://notcve.org/view.php?id=CVE-2023-48958
07 Dec 2023 — gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589. gpac 2.3-DEV-rev617-g671976fcc-master contiene pérdidas de memoria en gf_mpd_resolve_url media_tools/mpd.c:4589. • https://gist.github.com/dr0v/1204f7a5f1e1497e7bca066638acfbf5 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2023-46871
https://notcve.org/view.php?id=CVE-2023-46871
07 Dec 2023 — GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service. La versión 2.3-DEV-rev602-ged8424300-master de GPAC en MP4Box contiene una pérdida de memoria en NewSFDouble scenegraph/vrml_tools.c:300. Esta vulnerabilidad puede provocar una denegación de servicio. • https://gist.github.com/ReturnHere/d0899bb03b8f5e8fae118f2b76888486 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48039
https://notcve.org/view.php?id=CVE-2023-48039
20 Nov 2023 — GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75. GPAC 2.3-DEV-rev617-g671976fcc-master es vulnerable a pérdidas de memoria en gf_mpd_parse_string media_tools/mpd.c:75. • https://github.com/gpac/gpac/issues/2679 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48090
https://notcve.org/view.php?id=CVE-2023-48090
20 Nov 2023 — GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329. GPAC 2.3-DEV-rev617-g671976fcc-master es vulnerable a pérdidas de memoria en extract_attributes media_tools/m3u8.c:329. • https://github.com/gpac/gpac/issues/2680 • CWE-401: Missing Release of Memory after Effective Lifetime •