jeanlf

110 exploits Active since Mar 2020
CVE-2021-40565 WRITEUP MEDIUM WRITEUP
Gpac <1.0.1 - Memory Corruption
A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service.
CVSS 5.5
CVE-2021-40566 WRITEUP MEDIUM WRITEUP
Gpac <1.0.1 - Use After Free
A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service.
CVSS 5.5
CVE-2021-40567 WRITEUP MEDIUM WRITEUP
Gpac <1.0.1 - Memory Corruption
Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service.
CVSS 5.5
CVE-2021-40568 WRITEUP HIGH WRITEUP
Gpac <1.0.1 - Buffer Overflow
A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVSS 7.8
CVE-2021-40569 WRITEUP MEDIUM WRITEUP
Gpac <1.0.1 - Use After Free
The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service.
CVSS 5.5
CVE-2021-40570 WRITEUP HIGH WRITEUP
Gpac 1.0.1 - Use After Free
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVSS 7.8
CVE-2021-40571 WRITEUP HIGH WRITEUP
Gpac 1.0.1 - Use After Free
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVSS 7.8
CVE-2021-40572 WRITEUP MEDIUM WRITEUP
Gpac 1.0.1 - Use After Free
The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.
CVSS 5.5
CVE-2021-40573 WRITEUP MEDIUM WRITEUP
Gpac 1.0.1 - Use After Free
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.
CVSS 5.5
CVE-2021-40574 WRITEUP HIGH WRITEUP
Gpac MP4Box <1.0.1 - Code Execution
The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVSS 7.8
CVE-2021-40575 WRITEUP MEDIUM WRITEUP
Gpac 1.0.1 - DoS
The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566.
CVSS 5.5
CVE-2021-40576 WRITEUP MEDIUM WRITEUP
Gpac 1.0.1 - DoS
The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service.
CVSS 5.5
CVE-2021-40592 WRITEUP MEDIUM WRITEUP
GPAC <1.0.1 - DoS
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.
CVSS 5.5
CVE-2022-1035 WRITEUP MEDIUM WRITEUP
Gpac < 2.0 - NULL Pointer Dereference
Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVSS 5.5
CVE-2022-1172 WRITEUP MEDIUM WRITEUP
Gpac < 2.0.0 - NULL Pointer Dereference
Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVSS 5.0
CVE-2022-1222 WRITEUP MEDIUM WRITEUP
Gpac < 2.0 - Infinite Loop
Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVSS 5.5
CVE-2022-2453 WRITEUP HIGH WRITEUP
Gpac < 2.0.0 - Use After Free
Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.
CVSS 7.8
CVE-2022-2454 WRITEUP HIGH WRITEUP
Gpac < 2.0.0 - Integer Overflow
Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV.
CVSS 7.8
CVE-2022-2549 WRITEUP MEDIUM WRITEUP
gpac/gpac <2.1.0-DEV - NULL Pointer Dereference
NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV.
CVSS 5.5
CVE-2022-29339 WRITEUP HIGH WRITEUP
GPAC <2.1 - DoS
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.
CVSS 7.5
CVE-2022-29340 WRITEUP HIGH WRITEUP
GPAC 2.1-DEV-rev87-g053aae8-master - DoS
GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.
CVSS 7.5
CVE-2022-3178 WRITEUP HIGH WRITEUP
Gpac < 2.1.0-dev - Buffer Over-read
Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVSS 7.8
CVE-2022-3222 WRITEUP MEDIUM WRITEUP
gpac/gpac <2.1.0-DEV - RCE
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVSS 5.5
CVE-2022-3957 WRITEUP MEDIUM WRITEUP
Gpac < 2.2.0 - Memory Leak
A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.
CVSS 4.3
CVE-2022-4202 WRITEUP MEDIUM WRITEUP
Gpac - Numeric Error
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this vulnerability.
CVSS 6.3