Shodan
Vulnerabilities
Vulnerable Software
Gpac:  >> Gpac  >> 1.0.1  Security Vulnerabilities
CVE-2021-30022
There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-04-19
CVE-2021-30199
In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-04-19
CVE-2021-31254
Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-04-19
CVE-2021-31255
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-04-19
CVE-2021-31256
Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-04-19
CVE-2021-31257
The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-04-19
CVE-2021-31258
The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-04-19
CVE-2021-31259
The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.003
Published
2021-04-19
CVE-2021-31260
The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-04-19
CVE-2021-31261
The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.003
Published
2021-04-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved