Lucene search
K

34 matches found

NVD
NVD
added 2 days ago7 views

CVE-2025-15667

A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gfisomnalusamplerewrite of the file src/isomedia/avcext.c of the component MP4Box. This manipulation of the argument naluoutbs causes double free. It is possible to launch the attack on the local host. T...

4.8CVSS0.00112EPSS
Exploits0References8
NVD
NVD
added 2026/06/25 12:17 a.m.8 views

CVE-2025-60473

A NULL pointer dereference in the gffilterinparentchain function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...

5.5CVSS0.00141EPSS
Exploits1References6
CVE
CVE
added 2026/06/25 12:0 a.m.11 views

CVE-2025-60464

GPAC MP4Box contains a use-after-free in gf_sei_load_from_state_internal (in /filters/sei_load.c) affecting builds before 26.02.0. This vulnerability can allow a Denial of Service when processing a crafted MPEG-2 TS file. The issue is described across multiple sources (NVD/NVD variant, AttackersK...

7.8CVSS5.9AI score0.00144EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/06/15 9:30 p.m.13 views

EUVD-2025-210149

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS5.2AI score0.00188EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 a.m.6 views

CVE-2025-55645

A heap buffer overflow in the gfcencsetpssh function isomedia/drmsample.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5AI score0.00235EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/11 10:44 a.m.11 views

EUVD-2026-36235

Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membranemp4plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box header parser converts each 4-byte box name to an atom using String.toatom/1 without validation...

5.9CVSS5.5AI score0.00126EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-44037

Name of the Vulnerable Software and Affected Versions GPAC MP4Box affected versions not specified Description A NULL pointer dereference occurs when parsing certain truncated MP4 files. An unknown or invalid stsd entry can lead to missing descriptor fields, such as codec, mime, or profile strings...

4.3CVSS5.8AI score0.00407EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-43380

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. T...

4.8CVSS5.3AI score0.00161EPSS
Exploits1References7
OSV
OSV
added 2026/03/20 9:17 p.m.9 views

DEBIAN-CVE-2026-33144

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

7.8CVSS5.7AI score0.00165EPSS
Exploits1References1
OSV
OSV
added 2026/03/16 2:19 p.m.6 views

UBUNTU-CVE-2026-4185

A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swfdefbitsjpeg of the file src/scenemanager/swfparse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to laun...

6.3CVSS6.2AI score0.00252EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-31255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the abstboxread function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

7.8CVSS8AI score0.0146EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/07/16 12:0 a.m.12 views

The vulnerability of the gf_filter_pid_inst_swap_delete_task function in the MP4Box multimedia platform GPAC allows a intruder to cause a service failure.

The vulnerability of the gffilterpidinstswapdeletetask function in the MP4Box multimedia platform GPAC utility is related to the use of memory after deallocation. Exploiting this vulnerability could allow an attacker to cause a service failure...

6.1CVSS5.5AI score
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.33 views

PT-2026-45416

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A NULL pointer dereference exists in the gf ac4 pres b 4 back channels present function within the /media tools/av parsers.c file. This issue allows an attacker to cause a Denial of...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/07/14 12:0 a.m.14 views

PT-2026-45415

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A NULL pointer dereference exists in the gf odf ac4 cfg dsi v1 function within the /odf/descriptors.c file. This issue allows an attacker to cause a Denial of Service DoS, which is a...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2025/07/07 12:0 a.m.6 views

The vulnerability of the avidmx_process() function (filters/dmx_avi.c) in the MP4Box utility of the GPAC multimedia platform, which allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the avidmxprocess function filters/dmxavi.c in the MP4Box utility of the GPAC multimedia platform is related to the lack of checks for division by zero when processing the numframes parameter for AVI files. Exploiting this vulnerability could allow an attacker to execute...

5.5CVSS6AI score
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2025/06/01 12:0 a.m.4 views

PT-2025-34089 · Gnu +1 · Gpac +1

Уязвимость функции gf parse lfrac утилиты MP4Box мультимедийной платформы GPAC связана с разыменованием нулевого указателя. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании...

4.6CVSS7.3AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 8:36 p.m.5 views

CVE-2021-32132

The abstboxsize function in GPAC 1.0.1 allows attackers to cause a denial of service NULL pointer dereference via a crafted file in the MP4Box command...

5.5CVSS6.4AI score0.00868EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/05/05 12:0 a.m.7 views

The vulnerability of the gf_hevc_read_sps_bs_internal function in the MP4Box module of the GPAC multimedia platform allows a hacker to execute arbitrary code.

The vulnerability of the gfhevcreadspsbsinternal function in the MP4Box module of the GPAC multimedia platform is related to integer overflow. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.1CVSS7.7AI score0.00285EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/06/17 9:15 p.m.1 views

UBUNTU-CVE-2024-6063

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmxonevent of the file src/filters/dmxm2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally...

5.5CVSS4.3AI score0.00328EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/06/17 12:0 a.m.3 views

PT-2024-37358 · Gpac +1 · Gpac +1

Name of the Vulnerable Software and Affected Versions: GPAC version 2.5-DEV-rev228-g11067ea92-master Description: A problem was found in the function xmt node end of the file src/scene manager/loader xmt.c of the component MP4Box. The issue leads to use after free. Local access is required to...

5.5CVSS5.6AI score0.00298EPSS
Exploits1References17
Rows per page
Query Builder