Shodan
Vulnerabilities
Vulnerable Software
Gpac:  Security Vulnerabilities
CVE-2021-40592
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-06-08
CVE-2022-1795
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.
CVSS Score
7.3
EPSS Score
0.001
Published
2022-05-18
CVE-2022-30976
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.
CVSS Score
7.1
EPSS Score
0.002
Published
2022-05-18
CVE-2022-29339
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-05
CVE-2022-29340
GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-05
CVE-2022-1441
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-04-25
CVE-2022-29537
gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-04-20
CVE-2022-27145
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-04-08
CVE-2022-27146
GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-04-08
CVE-2022-27147
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-04-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved