CVE-2024-22749
https://notcve.org/view.php?id=CVE-2024-22749
GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577 Se detectó que GPAC v2.3 contenía un desbordamiento de búfer a través de la función gf_isom_new_generic_sample_description en isomedia/isom_write.c:4577 • https://github.com/gpac/gpac/issues/2713 https://github.com/hanxuer/crashes/blob/main/gapc/01/readme.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-50120
https://notcve.org/view.php?id=CVE-2023-50120
MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. Se descubrió que MP4Box GPAC versión 2.3-DEV-rev636-gfbd7e13aa-master contiene un bucle infinito en la función av1_uvlc en media_tools/av_parsers.c. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a través de un archivo MP4 manipulado. • https://github.com/gpac/gpac/issues/2698 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2024-0322 – Out-of-bounds Read in gpac/gpac
https://notcve.org/view.php?id=CVE-2024-0322
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. Fuera de los límites Read en el repositorio de GitHub gpac/gpac anterior a 2.3-DEV. • https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70 https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec • CWE-125: Out-of-bounds Read •
CVE-2024-0321 – Stack-based Buffer Overflow in gpac/gpac
https://notcve.org/view.php?id=CVE-2024-0321
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. desbordamiento de búfer en la región stack de la memoria en el repositorio de GitHub gpac/gpac anterior a 2.3-DEV. • https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-46929
https://notcve.org/view.php?id=CVE-2023-46929
An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application. Un problema descubierto en GPAC 2.3-DEV-rev605-gfc9e29089-master en MP4Box en gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 permite a los atacantes bloquear la aplicación. • https://github.com/gpac/gpac/commit/4248def5d24325aeb0e35cacde3d56c9411816a6 https://github.com/gpac/gpac/issues/2662 •