A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: f96bd57c3ccdcde4335a0be28cd3e8fe296993de. Applying a patch is the recommended action to fix this issue.
CVSS Score
3.3
EPSS Score
0.0
Published
2026-01-26
A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The name of the patch is 10c73b82cf0e367383d091db38566a0e4fe71772. It is best practice to apply a patch to resolve this issue.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-26
A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as d45c264c20addf0c1cc05124ede33f8ffa800e68. It is advisable to implement a patch to correct this issue.
CVSS Score
3.3
EPSS Score
0.0
Published
2026-01-26
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is af951b892dfbaaa38336ba2eba6d6a42c25810fd. To fix this issue, it is recommended to deploy a patch.
CVSS Score
3.3
EPSS Score
0.0
Published
2026-01-26
A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 153ea314b6b053db17164f8bc3c7e1e460938eaa. It is recommended to apply a patch to fix this issue.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-07-18
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS Score
4.0
EPSS Score
0.001
Published
2024-01-08
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS Score
4.4
EPSS Score
0.001
Published
2024-01-08
An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-12-09
GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-12-07
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVSS Score
4.0
EPSS Score
0.001
Published
2023-11-07
Page 1