33 matches found
EUVD-2026-41219
A NULL pointer dereference in the AP4AtomSampleTable::GetSample function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2026-36910
The vulnerability affects MPC-BE (Aleksoid1978) where an access violation occurs in BaseSplitterFile::Read prior to commit 4341cb3, enabling DoS via a crafted MP4 file. The issue is described consistently across multiple trusted sources (NVD, CVE records, EUVD, CVE list, PT Security, AttackersKB,...
The vulnerability of the gf_isom_add_track_kind() function in the isomedia/isom_write.c file, implemented by the MP4Box encoder for the GPAC multimedia platform, allows a malicious actor to cause service interruptions using a specially created MP4 file.
The vulnerability of the gfisomaddtrackkind function in the isomedia/isomwrite.c file, belonging to the MP4Box encoder of the GPAC multimedia platform, is related to pointer dereferencing errors. Exploiting this vulnerability could allow an attacker to cause service failures through the use of a...
CVE-2026-36908
A stack overflow in the AP4Array::EnsureCapacity component of axiomatic-systems Bento4 before v1.8.9allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2025-55644
A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
PT-2026-48162
🚨 CVE-2025-55659 A NULL pointer dereference in the ctts box write function isomedia/box code base.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file. 🎖@cveNotify...
SUSE-SU-2026:1761-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2026-1642: plain text data injection into the response from an upstream proxied server via MITM attack bsc1257675. - CVE-2026-27654: buffer overflow in the NGINX worker process via the ngxhttpdavmodule module bsc1260416. - CVE-2026-27784:...
PT-2026-38860
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux parse trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...
nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files
A flaw was found in NGINX's ngxhttpmp4module. This Out-of-Bounds Read/Write vulnerability occurs due to improper handling of specially crafted MP4 files. A local authenticated attacker, by supplying a malicious MP4 file, can trigger a buffer over-read or overwrite in worker memory. This can lead ...
DEBIAN-CVE-2026-27784
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngxhttpmp4module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it i...
CVE-2025-70303
A heap overflow in the uncvparseconfig function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
nginx: specially crafted MP4 file may cause denial of service
A flaw was found in the ngxhttpmp4module module of Nginx. Processing a specially crafted MP4 file can trigger a buffer over-read and cause the nginx process to terminate, resulting in a denial of service...
PT-2024-20300 · Bento4 · Bento4
Name of the Vulnerable Software and Affected Versions: Bento4 version 1.5.1-628 Description: The issue is related to a Memory leak in the AP4 Movie::AP4 Movie function when parsing tracks and adding them to the m Tracks list. If an error occurs due to no audio track being found, mp42aac cannot...
SUSE CVE-2016-3062
The movreaddref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via the entries value in a dref box in an MP4 file...
UBUNTU-CVE-2022-35165
An issue in AP4SgpdAtom::AP4SgpdAtom of Bento4-1.6.0-639 allows attackers to cause a Denial of Service DoS via a crafted mp4 input...
Bento4 安全漏洞
Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in version Bento4-1.6.0-639. An attacker could exploit this vulnerability to cause a denial of service DoS via specially crafted mp4 input...
The vulnerability of the gf_m2ts_section_complete function in the media_tools/mpegts component of the GPAC multimedia platform allows a hacker to cause a service failure.
The vulnerability of the gfm2tssectioncomplete function in the mediatools/mpegts component of the GPAC multimedia platform is related to writing beyond buffer boundaries. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially created MP4 file...
Bento4 安全漏洞
Bento4 is an open source C++ library for reading and writing MP4 files. This number is duplicated with CNNVD-201908-1067, the related content has been removed, please refer to the information of CNNVD-201908-1067...
GPAC Invalid Pointer Dereference Vulnerability
GPAC is a multimedia framework for rich media and distributed under the LGPL license. An invalid pointer dereference vulnerability exists in gfodfdeletedescriptor in odf/descprivate.c in libgpac.a in versions prior to GPAC 0.8.0. An attacker can exploit this vulnerability to cause a denial of...
PT-2022-11260 · Gpac +1 · Gpac +1
Name of the Vulnerable Software and Affected Versions: Gpac versions through 1.0.1 Description: A buffer overflow issue exists via a malformed MP4 file in the svc parse slice function in av parsers.c, allowing attackers to cause a denial of service, potentially execute code, and escalate...