jeanlf

110 exploits Active since Mar 2020
CVE-2023-4758 WRITEUP MEDIUM WRITEUP
Gpac < 2.3 - Buffer Over-read
Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS 5.5
CVE-2023-4778 WRITEUP MEDIUM WRITEUP
Gpac < 2.3-dev - Out-of-Bounds Read
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS 5.5
CVE-2023-48011 WRITEUP HIGH WRITEUP
Gpac - Use After Free
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.
CVSS 7.8
CVE-2023-48013 WRITEUP HIGH WRITEUP
Gpac - Double Free
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.
CVSS 7.8
CVE-2023-48014 WRITEUP HIGH WRITEUP
Gpac - Out-of-Bounds Write
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.
CVSS 7.8
CVE-2023-5377 WRITEUP HIGH WRITEUP
Gpac < 2.2.1 - Out-of-Bounds Read
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.
CVSS 7.1
CVE-2023-5586 WRITEUP HIGH WRITEUP
Gpac < 2.3.0 - NULL Pointer Dereference
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVSS 7.8
CVE-2024-6061 WRITEUP LOW WRITEUP
Gpac - Infinite Loop
A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 20c0f29139a82779b86453ce7f68d0681ec7624c. It is recommended to apply a patch to fix this issue. The identifier VDB-268789 was assigned to this vulnerability.
CVSS 3.3
CVE-2024-6062 WRITEUP LOW WRITEUP
Gpac - NULL Pointer Dereference
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 31e499d310a48bd17c8b055a0bfe0fe35887a7cd. It is recommended to apply a patch to fix this issue. VDB-268790 is the identifier assigned to this vulnerability.
CVSS 3.3
CVE-2024-6063 WRITEUP LOW WRITEUP
Gpac - NULL Pointer Dereference
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8767ed0a77c4b02287db3723e92c2169f67c85d5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-268791.
CVSS 3.3