PT-2026-48162

A NULL pointer dereference in the ctts box write function isomedia/box code base.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

Linux Distros Unpatched Vulnerability : CVE-2025-60486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap use-after-free in the dasherprocess function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS vi...

CVE-2025-60486

A heap use-after-free in the dasherprocess function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 file...

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

SUSE-SU-2026:0780-1 Security update for tracker-miners

This update for tracker-miners fixes the following issues: - CVE-2026-1764: heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files bsc1257606. - CVE-2026-1765: denial of Service and potential information disclosure via crafted MP3 files bsc1257607. -...

CVE-2025-70303

CVE-2025-70303 concerns GPAC v2.4.0, where the uncv_parse_config() function is vulnerable to a heap overflow (CNVD and Red Hat listings corroborate as a DoS risk). Exploitation involves processing a crafted MP4 file, leading to denial of service. Connected sources consistently describe a DoS outc...

EUVD-2015-6758

Malware in sbrugna...

EUVD-2015-4500

Malware in sbrugna...

EUVD-2015-8688

Malware in sbrugna...

EUVD-2012-0692

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2015-6821

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ffmpvcommoninit function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to...

nginx: Memory disclosure in the ngx_http_mp4_module

A vulnerability was found in NGINX’s module, ngxhttpmp4module. This flaw allows a local attacker to cause a worker process crash or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module...

PT-2024-20300 · Bento4 · Bento4

Name of the Vulnerable Software and Affected Versions: Bento4 version 1.5.1-628 Description: The issue is related to a Memory leak in the AP4 Movie::AP4 Movie function when parsing tracks and adding them to the m Tracks list. If an error occurs due to no audio track being found, mp42aac cannot...

CVE-2023-30207

A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file...

SUSE CVE-2006-1664

Buffer overflow in xinelistdeletecurrent in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream...

SUSE CVE-2015-8654

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial o...

SUSE CVE-2017-17081

The gmcmmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service integer signedness error and out-of-array read via a crafted MPEG file...

SUSE CVE-2018-16845

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngxhttpmp4module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affec...

The vulnerability of the gf_m2ts_section_complete function in the media_tools/mpegts component of the GPAC multimedia platform allows a hacker to cause a service failure.

The vulnerability of the gfm2tssectioncomplete function in the mediatools/mpegts component of the GPAC multimedia platform is related to writing beyond buffer boundaries. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially created MP4 file...

The vulnerability of the gf_m2ts_process_pmt function in the media_tools/mpegts.c component of the GPAC multimedia platform allows a hacker to cause a service failure.

The vulnerability of the gfm2tsprocesspmt function in the mediatools/mpegts.c component of the GPAC multimedia platform is related to reading data from buffer memory beyond its allowable limits. Exploiting this vulnerability allows a malicious actor to cause service interruptions using a speciall...