Shodan
Vulnerabilities
Vulnerable Software
Gpac:  Security Vulnerabilities
CVE-2021-31260
The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-04-19
CVE-2021-31261
The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-04-19
CVE-2021-31262
The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-04-19
CVE-2021-28300
NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-04-14
CVE-2020-11558
An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-04-05
CVE-2019-20629
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-03-24
CVE-2019-20630
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-03-24
CVE-2019-20631
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-03-24
CVE-2019-20632
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-03-24
CVE-2019-20628
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.
CVSS Score
5.5
EPSS Score
0.004
Published
2020-03-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved