Jean Le Feuvre

7 exploits Active since Apr 2021
CVE-2021-30014 WRITEUP MEDIUM WRITEUP
GPAC <1.0.1 - Buffer Overflow
There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash.
CVSS 5.5
CVE-2022-30976 WRITEUP HIGH WRITEUP
GPAC 2.0.0 - Buffer Overflow
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.
CVSS 7.1
CVE-2023-23145 WRITEUP HIGH WRITEUP
Gpac - Memory Leak
GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.
CVSS 7.8
CVE-2026-1415 WRITEUP LOW WRITEUP
Gpac < 2.4.0 - NULL Pointer Dereference
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is af951b892dfbaaa38336ba2eba6d6a42c25810fd. To fix this issue, it is recommended to deploy a patch.
CVSS 3.3
CVE-2026-1416 WRITEUP LOW WRITEUP
Gpac < 2.4.0 - NULL Pointer Dereference
A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as d45c264c20addf0c1cc05124ede33f8ffa800e68. It is advisable to implement a patch to correct this issue.
CVSS 3.3
CVE-2026-1417 WRITEUP LOW WRITEUP
Gpac < 2.4.0 - NULL Pointer Dereference
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: f96bd57c3ccdcde4335a0be28cd3e8fe296993de. Applying a patch is the recommended action to fix this issue.
CVSS 3.3
CVE-2026-1418 WRITEUP MEDIUM WRITEUP
Gpac < 2.4.0 - Out-of-Bounds Write
A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The name of the patch is 10c73b82cf0e367383d091db38566a0e4fe71772. It is best practice to apply a patch to resolve this issue.
CVSS 5.3