jeanlf

110 exploits Active since Mar 2020
CVE-2019-20628 WRITEUP MEDIUM WRITEUP
GPAC < 0.8.0 - Use-After-Free in gf_m2ts_process_pmt
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVSS 5.5
CVE-2019-20629 WRITEUP MEDIUM WRITEUP
GPAC < 0.8.0 - Denial of Service via Heap-Based Buffer Over-Read in MP4Box
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVSS 5.5
CVE-2019-20630 WRITEUP MEDIUM WRITEUP
GPAC < 0.8.0 - Denial of Service via Heap-Based Buffer Over-Read in Bitstream Parser
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.
CVSS 5.5
CVE-2020-19481 WRITEUP MEDIUM WRITEUP
GPAC < 0.8.0 - Denial of Service via Crafted MP4 File
An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVSS 5.5
CVE-2020-19488 WRITEUP MEDIUM WRITEUP
gpac MP4Box 0.8.0 - Denial of Service via Invalid Read in ilst_item_Read
An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, allows attackers to cause a Denial of Service due to an invalid read on function ilst_item_Read.
CVSS 5.5
CVE-2020-23928 WRITEUP HIGH WRITEUP
gpac < 1.0.1 - Heap-Based Buffer Over-Read in abst_box_read
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.
CVSS 7.1
CVE-2020-23930 WRITEUP MEDIUM WRITEUP
gpac < 1.0.1 - Denial of Service via NULL Pointer Dereference in nhmldump_send_header
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.
CVSS 5.5
CVE-2020-23931 WRITEUP HIGH WRITEUP
gpac < 1.0.1 - Heap-Based Buffer Over-Read in abst_box_read
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.
CVSS 7.1
CVE-2020-23932 WRITEUP MEDIUM WRITEUP
gpac < 1.0.1 - Denial of Service via NULL Pointer Dereference in dump_isom_sdp
An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service.
CVSS 5.5
CVE-2020-25427 WRITEUP MEDIUM WRITEUP
GPAC MP4Box - Denial of Service via Null Pointer Dereference in gf_isom_get_track_id
A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.
CVSS 5.5
CVE-2020-35979 WRITEUP HIGH WRITEUP
GPAC 0.8.0 and 1.0.1 - Heap-Based Buffer Overflow in gp_rtp_builder_do_avc
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.
CVSS 7.8
CVE-2020-35980 WRITEUP HIGH WRITEUP
GPAC 0.8.0 and 1.0.1 - Use-After-Free in gf_isom_box_del()
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
CVSS 7.8
CVE-2020-35981 WRITEUP HIGH WRITEUP
GPAC 0.8.0 and 1.0.1 - NULL Pointer Dereference in SetupWriters()
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
CVSS 7.8
CVE-2020-35982 WRITEUP HIGH WRITEUP
GPAC 0.8.0 and 1.0.1 - NULL Pointer Dereference in gf_hinter_track_finalize
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.
CVSS 7.8
CVE-2021-29279 WRITEUP HIGH WRITEUP
GPAC 1.0.1 - Integer Overflow in gf_props_assign_value
There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative number. In result, memcpy in gf_props_assign_value failed.
CVSS 7.8
CVE-2021-30015 WRITEUP MEDIUM WRITEUP
GPAC 1.0.1 - Null Pointer Dereference in gf_filter_pck_new_alloc_internal
There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal.
CVSS 5.5
CVE-2021-30019 WRITEUP MEDIUM WRITEUP
GPAC 1.0.1 - Heap Overflow via ADTS Frame Size Mismatch
In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy.
CVSS 5.5
CVE-2021-30020 WRITEUP MEDIUM WRITEUP
GPAC 1.0.1 - Heap Overflow via Crafted File in gf_hevc_read_pps_bs_internal
In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop.
CVSS 5.5
CVE-2021-30022 WRITEUP MEDIUM WRITEUP
GPAC 0.5.2-1.0.1 - Integer Overflow in av_parsers.c
There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash.
CVSS 5.5
CVE-2021-30199 WRITEUP MEDIUM WRITEUP
GPAC 1.0.1 - Null Pointer Dereference in gf_filter_pck_get_data
In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash.
CVSS 5.5
CVE-2021-31254 WRITEUP HIGH WRITEUP
GPAC 1.0.1 - Out-of-bounds Write in tenc_box_read Function
Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes.
CVSS 7.8
CVE-2021-31255 WRITEUP HIGH WRITEUP
GPAC 1.0.1 - Buffer Overflow in MP4Box abst_box_read Function
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVSS 7.8
CVE-2021-31256 WRITEUP MEDIUM WRITEUP
GPAC - Memory Leak in stbl_GetSampleInfos Function
Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVSS 5.5
CVE-2021-31257 WRITEUP MEDIUM WRITEUP
GPAC 1.0.1 - Denial of Service via Crafted MP4Box HintFile Input
The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVSS 5.5
CVE-2021-31258 WRITEUP MEDIUM WRITEUP
GPAC 1.0.1 - Denial of Service via NULL Pointer Dereference in gf_isom_set_extraction_slc
The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVSS 5.5