Writeup Exploits
60,504 exploits tracked across all sources.
GPAC < 2022-04-12 - Denial of Service via Failed Assertion in BS_ReadByte
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.
CVSS 7.5
GPAC mp4box < 2.0.0 - Integer Overflow
GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.
CVSS 5.5
GPAC < 2.0.0 - Use-After-Free in gf_node_get_attribute_by_tag
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.
CVSS 5.5
GPAC mp4box < 2.0.0 - Heap-Based Buffer Overflow in gf_isom_apple_enum_tag
GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.
CVSS 5.5
GPAC < 2.0.0 - Stack Overflow in gf_isom_get_sample_for_movie_time
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.
CVSS 5.5
GPAC 2.0 - Heap-Based Buffer Overflow in gf_base64_encode
GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.
CVSS 7.8
GPAC 1.0.1 - NULL Pointer Dereference in gf_utf8_wcslen
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. (gf_utf8_wcslen is a renamed Unicode utf8_wcslen function.)
CVSS 7.8
GPAC 1.0.1 - Use-After-Free in MP4Box
GPAC 1.0.1 is affected by Use After Free through MP4Box.
CVSS 5.5
GPAC 1.0.1 - Stack-based Buffer Overflow in MP4Box
GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box.
CVSS 7.8
GPAC < 2.0.0 - Denial of Service via xtra_box_write Function
A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871.
CVSS 5.5
GPAC MP4Box - Buffer Overflow in diST_box_read Function
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow.
CVSS 7.8
GPAC MP4Box 1.0.1 - Denial of Service via __memmove_avx_unaligned_erms
The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS).
CVSS 5.5
GPAC 1.1.0 - Denial of Service via NULL Pointer Dereference in gf_sg_destroy_routes
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS 5.5
GPAC 1.1.0 - Denial of Service via NULL Pointer Dereference in gf_dump_vrml_sffield
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS 5.5
GPAC 1.1.0 - Use-After-Free in gf_free Function
The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS 5.5
GPAC v1.1.0 - Denial of Service via Stack Overflow in gf_node_get_name
GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS).
CVSS 5.5
GPAC 1.1.0 - Denial of Service via Untrusted Pointer Dereference in gf_node_unregister
An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS 5.5
GPAC 1.1.0 - Denial of Service via NULL Pointer Dereference in gf_sg_vrml_field_pointer_del
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS 5.5
GPAC 1.1.0 - Denial of Service via NULL Pointer Dereference in gf_node_unregister
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS 5.5
GPAC 1.0.1 - Denial of Service via Media_IsSelfContained Function
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service. .
CVSS 5.5
GPAC 1.0.1 - Denial of Service via gf_fileio_check Function
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service.
CVSS 5.5
GPAC 1.0.1 - NULL Pointer Dereference in gf_hinter_finalize
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function.
CVSS 5.5
GPAC 1.0.1 - Denial of Service via NULL Pointer Dereference in gf_isom_box_size
A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent).
CVSS 5.5
GPAC 1.0.1 - Denial of Service
GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent).
CVSS 5.5
GPAC 1.0.1 - Denial of Service via ShiftMetaOffset.isra
A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent).
CVSS 5.5
By Source