Aurelien David

35 exploits Active since Mar 2018
CVE-2023-5520 WRITEUP HIGH WRITEUP
Gpac < 2.2.2 - Out-of-Bounds Read
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
CVSS 7.7
CVE-2023-5595 WRITEUP MEDIUM WRITEUP
Gpac < 2.3.0 - Denial of Service
Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVSS 5.5
CVE-2023-5998 WRITEUP HIGH WRITEUP
Gpac < 2.3.0 - Out-of-Bounds Read
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVSS 7.5
CVE-2024-0321 WRITEUP CRITICAL WRITEUP
Gpac < 2.3.0-dev - Out-of-Bounds Write
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS 9.8
CVE-2024-0322 WRITEUP CRITICAL WRITEUP
Gpac < 2.3.0 - Out-of-Bounds Read
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS 9.1
CVE-2024-24267 WRITEUP HIGH WRITEUP
Gpac < 2.4.0 - Memory Leak
gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
CVSS 7.5
CVE-2024-57184 WRITEUP MEDIUM WRITEUP
Gpac - Buffer Overflow
An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.
CVSS 5.5
CVE-2024-6064 WRITEUP MEDIUM WRITEUP
Gpac - Use After Free
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is f4b3e4d2f91bc1749e7a924a8ab171af03a355a8/c1b9c794bad8f262c56f3cf690567980d96662f5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-268792.
CVSS 5.3
CVE-2025-25723 WRITEUP HIGH WRITEUP
Gpac - Buffer Overflow
Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code.
CVSS 8.4
CVE-2025-7797 WRITEUP MEDIUM WRITEUP
GPAC <2.4 - Null Pointer Dereference
A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 153ea314b6b053db17164f8bc3c7e1e460938eaa. It is recommended to apply a patch to fix this issue.
CVSS 5.3