GPAC 安全漏洞

GPAC is an open source multimedia framework. a security vulnerability exists in GPAC, which stems from a binary MP4Box in GPAC v1.0.1 that was found to contain a segmentation error via the function memmove avx unaligned erms. An attacker could exploit this vulnerability to cause a denial of servi...

Heap-based Buffer Overflow in gpac/gpac

Description When fuzzing gpac with clang 10 I found a heap overflow. Proof of Concept pocgffprintf Crash stack trace aldo@vps:/gpac/bin/gcc$ ASANOPTIONS=symbolize=1 ASANSYMBOLIZERPATH=/usr/bin/llvm-symbolizer ./MP4Box -disox -ttxt -2 -dump-chap-ogg -dump-cover -drtp -bt -out /dev/null...

None in gpac/gpac

Description Use After Free in gpac Proof of Concept MP4Box -bt POC4 MP4Box -bt POC5 POC4 is here. POC5 is here. ASAN ==414586==ERROR: AddressSanitizer: heap-use-after-free on address 0x6100000007fc at pc 0x7f7926081250 bp 0x7ffd2e84f4a0 sp 0x7ffd2e84f490 READ of size 4 at 0x6100000007fc thread T0...

in gpac/gpac

Description Null Pointer Dereference in gfdumpvrmlfield.isra Proof of Concept MP4Box -bt POC2 POC2 is here. Bt Program received signal SIGSEGV, Segmentation fault. 0x0000000000644ca4 in gfdumpvrmlfield.isra LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA...

Denial Of Service (DoS)

binary MP4Box in Gpac is vulnerable to denial of service. The vulnerability exists due to a double-free vulnerability in the gftextgetutf8line function in loadtext.c...

Denial Of Service (DoS)

libgpac.so is vulnerable to denial of service. Parsing a malicious file in the gfodfsizedescriptor function in descprivate.c while using mp4box causes a double-free, leading to an application crash...

GPAC has an unspecified vulnerability (CNVD-2022-04959)

GPAC is an open source multimedia framework. version 1.0.1 of GPAC contains a security vulnerability that stems from the existence of a context-dependent abort failure in MP4Box, which could be exploited by an attacker to cause a denial of service...

CVE-2021-40572

The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmxfinalize function in reframeav1.c, which allows attackers to cause a denial of service...

CVE-2021-40576

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gfisomgetpaytcount function in hinttrack.c, which allows attackers to cause a denial of service...

DEBIAN-CVE-2021-40574

The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gftextgetutf8line function in loadtext.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges...

CVE-2021-40576

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gfisomgetpaytcount function in hinttrack.c, which allows attackers to cause a denial of service...

CVE-2021-40574

The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gftextgetutf8line function in loadtext.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges...

CVE-2021-40572

The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmxfinalize function in reframeav1.c, which allows attackers to cause a denial of service...

CVE-2021-40575

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmxprocess function in reframempgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566...

DEBIAN-CVE-2021-40575

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmxprocess function in reframempgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566...

DEBIAN-CVE-2021-40576

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gfisomgetpaytcount function in hinttrack.c, which allows attackers to cause a denial of service...

DEBIAN-CVE-2021-40573

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gflistdel function in list.c, which allows attackers to cause a denial of service...

CVE-2021-40573

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gflistdel function in list.c, which allows attackers to cause a denial of service...

CVE-2021-40575

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmxprocess function in reframempgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566...

CVE-2021-40573

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gflistdel function in list.c, which allows attackers to cause a denial of service...