Aurelien David

44 exploits Active since Mar 2018
CVE-2023-0818 WRITEUP MEDIUM WRITEUP
gpac/gpac <2.3.0-DEV - Info Disclosure
Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.
CVSS 5.5
CVE-2023-0819 WRITEUP HIGH WRITEUP
gpac < 2.3.0-dev - Heap-based Buffer Overflow
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV.
CVSS 7.8
CVE-2023-0841 WRITEUP MEDIUM WRITEUP
GPAC 2.3-DEV-rev40-g3602a5ded - Heap-based Buffer Overflow in mp3_dmx_process
A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.
CVSS 6.3
CVE-2023-0866 WRITEUP HIGH WRITEUP
gpac < 2.2.0 - Heap-based Buffer Overflow
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVSS 7.8
CVE-2023-46001 WRITEUP MEDIUM WRITEUP
gpac MP4Box 2.3-DEV-rev573-g201320819-master - Buffer Overflow in gf_isom_get_user_data
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.
CVSS 5.5
CVE-2023-46927 WRITEUP MEDIUM WRITEUP
GPAC 2.3-DEV-rev605-gfc9e29089-master - Heap-Based Buffer Overflow in gf_isom_use_compact_size
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.
CVSS 5.5
CVE-2023-46928 WRITEUP MEDIUM WRITEUP
GPAC 2.3-DEV-rev605-gfc9e29089-master - Memory Corruption
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.
CVSS 5.5
CVE-2023-46929 WRITEUP HIGH WRITEUP
GPAC 2.3-DEV-rev605-gfc9e29089-master - Denial of Service in MP4Box AVC VUI Parser
An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.
CVSS 7.5
CVE-2023-46930 WRITEUP MEDIUM WRITEUP
GPAC 2.3-DEV-rev605-gfc9e29089-master - Memory Corruption
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.
CVSS 5.5
CVE-2023-5520 WRITEUP HIGH WRITEUP
gpac < 2.2.2 - Out-of-bounds Read
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
CVSS 7.7
CVE-2023-5595 WRITEUP MEDIUM WRITEUP
gpac < 2.3.0 - Denial of Service
Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVSS 5.5
CVE-2023-5998 WRITEUP HIGH WRITEUP
gpac < 2.3.0 - Out-of-bounds Read
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVSS 7.5
CVE-2024-0321 WRITEUP CRITICAL WRITEUP
gpac < 2.3.0-dev - Stack-based Buffer Overflow
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS 9.8
CVE-2024-0322 WRITEUP CRITICAL WRITEUP
gpac < 2.3.0 - Out-of-bounds Read
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS 9.1
CVE-2024-24267 WRITEUP HIGH WRITEUP
gpac 2.2.1-2.3.0 - Memory Leak in gf_fileio_from_blob
gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
CVSS 7.5
CVE-2024-57184 WRITEUP MEDIUM WRITEUP
GPAC v0.8.0 - Heap-Based Buffer Overflow in gf_m2ts_process_pmt
An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.
CVSS 5.5
CVE-2024-6064 WRITEUP MEDIUM WRITEUP
GPAC 2.5-DEV-rev228-g11067ea92-master - Use-After-Free in MP4Box xmt_node_end Function
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is f4b3e4d2f91bc1749e7a924a8ab171af03a355a8/c1b9c794bad8f262c56f3cf690567980d96662f5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-268792.
CVSS 5.3
CVE-2025-25723 WRITEUP HIGH WRITEUP
GPAC 2.5 - Buffer Overflow
Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code.
CVSS 8.4
CVE-2025-7797 WRITEUP MEDIUM WRITEUP
GPAC <2.4 - Null Pointer Dereference
A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 153ea314b6b053db17164f8bc3c7e1e460938eaa. It is recommended to apply a patch to fix this issue.
CVSS 5.3