Gpac Security Vulnerabilities

CVE-2022-46490

GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.

CVE-2022-47086

GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c

CVE-2022-47087

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c

CVE-2022-47088

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.

CVE-2022-47089

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c

CVE-2022-47091

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c

CVE-2022-47092

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow vulnerability in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316

CVE-2022-47093

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid

CVE-2022-47094

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid

CVE-2022-47095

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c

CVE-2022-47653

GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113

CVE-2022-47654

GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261

CVE-2022-47656

GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273

CVE-2022-47657

GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662

CVE-2022-47658

GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039

CVE-2022-47659

GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data

CVE-2022-47660

GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in isomedia/isom_write.c

CVE-2022-47661

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes

CVE-2022-47662

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662

CVE-2022-47663

GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609

CVE-2023-0358

Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.

CVE-2023-0760

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.

CVE-2023-0770

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.

CVE-2023-0817

Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.

CVE-2023-0818

Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.

CVE-2023-0819

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV.

CVE-2023-0841

A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been dis...

CVE-2023-0866

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV.

CVE-2023-1448

A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been dis...

CVE-2023-1449

A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The ex...

CVE-2023-1452

A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit h...

CVE-2023-1654

Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.

CVE-2023-1655

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.

CVE-2023-23143

Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master.

CVE-2023-23144

Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.

CVE-2023-23145

GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.

CVE-2023-2837

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-2838

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-2839

Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-2840

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-3012

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-3013

Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-3291

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-3523

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-37174

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.

CVE-2023-37765

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.

CVE-2023-37766

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.

CVE-2023-37767

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.

CVE-2023-39562

GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.

CVE-2023-41000

GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.