Denial Of Service (DoS)

libgpac.so is vulnerable to Denial Of Service DoS. The vulnerability exists due to a segmentation fault in the dumpisomscene function of mp4box/filedump.c, which allows an attacker to cause an application crash via a crafted input...

DEBIAN-CVE-2023-37174

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dumpisomscene function at /mp4box/filedump.c...

CVE-2023-37174

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dumpisomscene function at /mp4box/filedump.c...

Design/Logic Flaw

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dumpisomscene function at /mp4box/filedump.c...

CVE-2023-37174

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dumpisomscene function at /mp4box/filedump.c...

CVE-2023-37174

GPAC 2.3-DEV-rev381-g817a848f6-master contains a segmentation fault in the dump_isom_scene function (mp4box/filedump.c). Reports across multiple sources confirm the issue. Practical impact is a crash/segmentation fault when exercising the affected code path; no explicit exploitation details are p...

PT-2023-25819 · Gpac +1 · Gpac +1

Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev381-g817a848f6-master Description: A segmentation violation was discovered in the dump isom scene function at /mp4box/filedump.c. This issue affects the specified version of GPAC. Recommendations: For GPAC version...

CVE-2023-37174

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dumpisomscene function at /mp4box/filedump.c...

heap-buffer-overflow in function id3dmx_flush filters/reframe_mp3.c

Description Heap-buffer-overflow in MP4Box. Version bash MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

Memory Leak

gpac is vulnerable to Memory Leak. The vulnerability is available within the 'defparentboxnew' function in 'MP4Box' which results in a malicious attacker being able to read memory via a crafted file...

NULL Pointer Dereference in function xml_sax_append_string

Description NULL Pointer Dereference In utils/xmlparser.c:963 Environment No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal Version MP4Box - GPAC version 2.3-DEV-rev293-g56eed04c2-master c 2000-2023 Telecom Paris distributed under LG...

Divide By Zero FPE

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Release: n/a Codename: bookworm Version I checked against the latest release as of 05/18/23 the current master branch at commit a6ae93532ea5615c876c81a6580badbfa01d4383 . Description This AddressSanitizer output is...

OOB Read segfault

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Release: n/a Codename: bookworm Version I checked against the latest release as of 05/18/23 the current master branch at commit a6ae93532ea5615c876c81a6580badbfa01d4383 . Description This AddressSanitizer output is...

Stack-overflow in function xml_sax_parse at src/utils/xml_parser.c

Description Stack-overflow in MP4Box. Version shell MP4Box - GPAC version 2.3-DEV-rev263-g2afa05f4d-master c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

Unhandled SWF Tags in MP4Box: Potential Vulnerability in GPAC

An unhandled series of SWF tags have been identified in the MP4Box software, which is part of the GPAC multimedia framework. These tags are not properly processed, leading to potential vulnerabilities such as denial of service, buffer overflows, or other malicious attacks. POC: ./MP4Box -dash 100...

Heap Use-After-Free in GPAC MP4Box's ogg_stream_clear Function When Processing OGG Files

A heap use-after-free vulnerability has been discovered in GPAC MP4Box's oggstreamclear function when processing OGG files. The vulnerability occurs due to improper handling of memory allocations and deallocations while processing OGG files. This leads to the use of previously freed memory, causi...

buffer over-read in function mhas_dmx_process filters/reframe_mhas.c

Version ➜ gcc git:master ✗ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev40-g3602a5ded-master c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

CVE-2022-47661

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via mediatools/avparsers.c:4988 in gfmedianaluaddemulationbytes...

CVE-2022-47662

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault /stack overflow due to infinite recursion in MediaGetSample isomedia/media.c:662...

CVE-2022-47663

GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmxprocess filters/reframeh263.c:609...