Gpac: Security Vulnerabilities
GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-09-06
A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242.
CVSS Score
5.5
EPSS Score
0.004
Published
2022-08-17
A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250,which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-08-17
GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.
CVSS Score
9.8
EPSS Score
0.009
Published
2022-08-17
NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV.
CVSS Score
5.7
EPSS Score
0.005
Published
2022-07-27
Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-07-19
Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-07-19
The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.005
Published
2022-06-28
The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.005
Published
2022-06-28
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.005
Published
2022-06-28