EUVD-2025-210149

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55645

A heap buffer overflow in the gfcencsetpssh function isomedia/drmsample.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

EUVD-2026-36235

Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membranemp4plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box header parser converts each 4-byte box name to an atom using String.toatom/1 without validation...

PT-2026-44037

Name of the Vulnerable Software and Affected Versions GPAC MP4Box affected versions not specified Description A NULL pointer dereference occurs when parsing certain truncated MP4 files. An unknown or invalid stsd entry can lead to missing descriptor fields, such as codec, mime, or profile strings...

PT-2026-43380

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. T...

DEBIAN-CVE-2026-33144

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

UBUNTU-CVE-2026-4185

A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swfdefbitsjpeg of the file src/scenemanager/swfparse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to laun...

Linux Distros Unpatched Vulnerability : CVE-2021-31255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the abstboxread function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

PT-2026-45416

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A NULL pointer dereference exists in the gf ac4 pres b 4 back channels present function within the /media tools/av parsers.c file. This issue allows an attacker to cause a Denial of...

The vulnerability of the gf_filter_pid_inst_swap_delete_task function in the MP4Box multimedia platform GPAC allows a intruder to cause a service failure.

The vulnerability of the gffilterpidinstswapdeletetask function in the MP4Box multimedia platform GPAC utility is related to the use of memory after deallocation. Exploiting this vulnerability could allow an attacker to cause a service failure...

PT-2026-45415

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A NULL pointer dereference exists in the gf odf ac4 cfg dsi v1 function within the /odf/descriptors.c file. This issue allows an attacker to cause a Denial of Service DoS, which is a...

The vulnerability of the avidmx_process() function (filters/dmx_avi.c) in the MP4Box utility of the GPAC multimedia platform, which allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the avidmxprocess function filters/dmxavi.c in the MP4Box utility of the GPAC multimedia platform is related to the lack of checks for division by zero when processing the numframes parameter for AVI files. Exploiting this vulnerability could allow an attacker to execute...

PT-2025-34089 · Gnu +1 · Gpac +1

Уязвимость функции gf parse lfrac утилиты MP4Box мультимедийной платформы GPAC связана с разыменованием нулевого указателя. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании...

CVE-2021-32132

The abstboxsize function in GPAC 1.0.1 allows attackers to cause a denial of service NULL pointer dereference via a crafted file in the MP4Box command...

The vulnerability of the gf_hevc_read_sps_bs_internal function in the MP4Box module of the GPAC multimedia platform allows a hacker to execute arbitrary code.

The vulnerability of the gfhevcreadspsbsinternal function in the MP4Box module of the GPAC multimedia platform is related to integer overflow. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

UBUNTU-CVE-2024-6063

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmxonevent of the file src/filters/dmxm2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally...

PT-2024-37358 · Gpac +1 · Gpac +1

Name of the Vulnerable Software and Affected Versions: GPAC version 2.5-DEV-rev228-g11067ea92-master Description: A problem was found in the function xmt node end of the file src/scene manager/loader xmt.c of the component MP4Box. The issue leads to use after free. Local access is required to...

UBUNTU-CVE-2023-47384

MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gfisomaddchapter at /isomedia/isomwrite.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

SUSE CVE-2017-9616

In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion uncontrolled recursion in the dissectmp4box function in epan/dissectors/file-mp4.c...

The vulnerability of the gf_isom_oinf_read_entry function in the MP4Box component of the GPAC multimedia platform allows a hacker to gain access to confidential data.

The vulnerability of the gfisomoinfreadEntry function in the MP4Box component of the GPAC multimedia platform is related to improper memory release before deleting the last reference. Exploiting this vulnerability allows a remote attacker to gain access to confidential data through a specially...