Writeup Exploits
60,504 exploits tracked across all sources.
GPAC < 2.2.0 - Buffer Overflow in gf_vvc_read_pps_bs_internal
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c
CVSS 7.8
GPAC MP4Box <2.1 - Memory Corruption
GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c
CVSS 5.5
gpac < 2.2.0 - Memory Leak in afrt_box_read
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.
CVSS 5.5
GPAC < 2.2.0 - Memory Leak in gf_isom_box_parse_ex
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.
CVSS 5.5
GPAC < 2.2.0 - Use-After-Free via Q_IsTypeOn Function
GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.
CVSS 7.8
GPAC MP4box 2.0.0 - Stack Overflow in smil_parse_time_list Parameter
GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c.
CVSS 7.8
GPAC < 2.2.0 - Memory Leak in dimC_box_read Function
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.
CVSS 5.5
GPAC < 2.2.0 - Stack Overflow in dimC_box_read Function
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.
CVSS 7.8
GPAC < 2.2.0 - Memory Leak in gf_odf_new_iod
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.
CVSS 5.5
GPAC < 2.2.0 - Memory Leak in gf_list_new
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c.
CVSS 5.5
GPAC < 2.2.0 - Out-of-bounds Write via gf_dump_vrml_sffield Function
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.
CVSS 5.5
GPAC < 2.2.0 - Out-of-bounds Write via gf_isom_get_meta_item_info
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.
CVSS 5.5
gpac < 2.2.0 - Out-of-bounds Read in BD_CheckSFTimeOffset
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.
CVSS 5.5
GPAC < 2.2.0 - Heap Buffer Overflow in FixSDTPInTRAF Function
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.
CVSS 7.8
GPAC < 2.2.0 - Heap Buffer Overflow in gf_isom_box_dump_start_ex
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.
CVSS 7.8
GPAC < 2.2.0 - Out-of-bounds Write via gf_isom_meta_restore_items_ref
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.
CVSS 5.5
GPAC 2.1-DEV-rev490-g68064e101-master - Integer Overflow in lsr_translate_coords
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this vulnerability.
CVSS 6.3
GPAC < 2.2.0 - Stack Overflow via ISOM_IOD Processing
GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD.
CVSS 7.8
gpac < 2.2.0 - Heap-Based Buffer Overflow in gf_isom_dovi_config_get
A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242.
CVSS 5.5
GPAC < 2.2.0 - Use-After-Free in gf_isom_dovi_config_get
GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.
CVSS 9.8
GPAC - Denial of Service via Null Pointer Dereference in gf_filter_pid_set_property_full
A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250,which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1.
CVSS 7.5
GPAC 2.0.0 - Heap-Based Buffer Over-Read via gf_utf8_wcslen Function
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.
CVSS 7.1
GPAC 2.0.0 - Heap-Based Buffer Over-Read via gf_utf8_wcslen Function
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.
CVSS 7.1
GPAC 2.0.0 - Heap-Based Buffer Over-Read in gp_rtp_builder_do_hevc
gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box.
CVSS 5.5
GPAC 2.1-DEV-rev87-g053aae8-master - DoS
GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.
CVSS 7.5
By Source