gpac

402 tracked vulnerabilities.

CVE-2026-9572 LOW
GPAC MP4Box media.c Media_GetSample memory leak
May 26, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-8124 LOW
GPAC box_code_base.c sidx_box_read allocation of resources
May 08, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-39103 MEDIUM
GPAC <v391dc7f4d234988ea0bc3cc294eb725eddf8f702 - Buffer Overflow
May 05, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-33144 MEDIUM
GPAC MP4Box Heap Buffer Overflow Write in gf_xml_parse_bit_sequence_bs (NHML BS Parsing)
Mar 20, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-27821 HIGH
gpac <= 26.02.0 - Stack-based Buffer Overflow in NHML File Parser
Feb 26, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-1418 MEDIUM
GPAC < 2.4.0 - Out-of-Bounds Write in SRT Subtitle Import
Jan 26, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-1417 LOW
gpac < 2.4.0 - Null Pointer Dereference in dump_isom_rtp Function
Jan 26, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-1416 LOW
gpac < 2.4.0 - Null Pointer Dereference in DumpMovieInfo Function
Jan 26, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-1415 LOW
gpac < 2.4.0 - Null Pointer Dereference in gf_media_export_webvtt_metadata
Jan 26, 2026
CVSS 3.3
EPSS 0.00
CVE-2025-60465 MEDIUM
GPAC Project/MP4Box < 26.02.0 - Denial of Service via Crafted Media File
Jun 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-60464 HIGH
GPAC Project/MP4Box < 26.02.0 - Use-After-Free in gf_sei_load_from_state_internal
Jun 25, 2026
CVSS 7.8
EPSS 0.00
CVE-2025-60473 MEDIUM
GPAC Project/MP4Box < 26.02.0 - Denial of Service via Crafted File in gf_filter_in_parent_chain
Jun 25, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-60466 MEDIUM
GPAC Project/MP4Box < 26.02.0 - Use-After-Free in gf_filter_pid_get_packet
Jun 25, 2026
CVSS 5.0
EPSS 0.00
CVE-2025-60474 HIGH
GPAC Project/MP4Box < 26.02.0 - Denial of Service via gf_media_import Buffer Overflow
Jun 24, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-60467 HIGH
GPAC Project/MP4Box < 26.02.0 - Use-After-Free in gf_filter_pid_inst_swap_delete_task
Jun 24, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-60468 MEDIUM
GPAC MP4Box 2.5-DEV-rev1593-gfe88c3545-master - Use-After-Free in gf_filter_pid_inst_swap_delete_task
Jun 24, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-60471 MEDIUM
GPAC Project/MP4Box < 26.02.0 - Use-After-Free in gf_filter_pid_reconfigure_task_discard
Jun 24, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-55639 MEDIUM
GPAC MP4Box 2.4 - Denial of Service via Crafted MP4 File
Jun 23, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-55663 MEDIUM
GPAC MP4Box 2.4 - Denial of Service via Crafted MP4 File
Jun 15, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-55661 MEDIUM
GPAC MP4Box 2.4 - Heap-based Buffer Overflow in Opus Audio Stream Parser
Jun 15, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-55660 MEDIUM
GPAC MP4Box 2.4 - Denial of Service via Crafted MP4 File
Jun 15, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-55652 MEDIUM
GPAC MP4Box 2.4 - Heap-based Buffer Overflow in gf_isom_vp_config_new
Jun 15, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-55650 MEDIUM
GPAC MP4Box 2.4 - Denial of Service via Heap Use-After-Free in gf_node_get_tag
Jun 15, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-55649 MEDIUM
GPAC MP4Box 2.4 - Denial of Service via Crafted MP4 File
Jun 15, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-55648 MEDIUM
GPAC MP4Box 2.4 - Denial of Service via Crafted MP4 File
Jun 15, 2026
CVSS 5.5
EPSS 0.00