Shodan
Vulnerabilities
Vulnerable Software
Gpac:  Security Vulnerabilities
CVE-2025-70299
A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.
CVSS Score
6.5
EPSS Score
0.003
Published
2026-01-15
CVE-2025-70307
A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVSS Score
7.5
EPSS Score
0.004
Published
2026-01-15
CVE-2025-70308
An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file.
CVSS Score
7.5
EPSS Score
0.003
Published
2026-01-15
CVE-2025-70309
A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.
CVSS Score
5.5
EPSS Score
0.001
Published
2026-01-15
CVE-2025-70310
A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file.
CVSS Score
5.5
EPSS Score
0.001
Published
2026-01-15
CVE-2025-70298
GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.
CVSS Score
8.2
EPSS Score
0.004
Published
2026-01-15
CVE-2025-70304
A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVSS Score
7.5
EPSS Score
0.003
Published
2026-01-15
CVE-2025-70305
A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file.
CVSS Score
5.5
EPSS Score
0.002
Published
2026-01-15
CVE-2025-7797
A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 153ea314b6b053db17164f8bc3c7e1e460938eaa. It is recommended to apply a patch to fix this issue.
CVSS Score
5.5
EPSS Score
0.009
Published
2025-07-18
CVE-2025-25723
Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code.
CVSS Score
8.4
EPSS Score
0.004
Published
2025-02-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved