182 matches found
EUVD-2025-210331
A use-after-free in the gffilterpidinstswapdeletetask function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...
EUVD-2025-210335
A buffer overflow in the gfmediaimport function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...
CVE-2025-60465
GPAC Project/MP4Box prior to 26.02.0 is affected by CVE-2025-60465 due to a use-after-free in the function gf_filter_pid_inst_swap (in /filter_core/filter_pid.c). The vulnerability allows an attacker to trigger a Denial of Service by processing a crafted media file. The documented remediation is ...
PT-2026-52558
Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf sei load from state internal function located in /filters/sei load.c. This occurs when the software processes a specially crafted MPEG-2 TS file,...
CVE-2025-60474
A buffer overflow in the gfmediaimport function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...
CVE-2025-60467
A use-after-free in the gffilterpidinstswapdeletetask function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...
UBUNTU-CVE-2025-60474
A buffer overflow in the gfmediaimport function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...
PT-2026-52140
Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A NULL pointer dereference occurs in the gf filter in parent chain function located in /filter core/filter pid.c. This issue allows an attacker to trigger a Denial of Service DoS by...
CVE-2025-60474
A buffer overflow in the gfmediaimport function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...
PT-2026-49275
A NULL pointer dereference in the gf media map esd function media tools/isom tools.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
CVE-2025-55645
A heap buffer overflow in the gfcencsetpssh function isomedia/drmsample.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
PT-2026-49271
A heap use-after-free in the gf node get tag function scenegraph/base scenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
CVE-2025-55648
A heap buffer overflow in the gfopusparsepacketheader function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
OSV-2026-907 Heap-use-after-free in gf_sg_route_del
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=523017644 Crash type: Heap-use-after-free READ 8 Crash state: gfsgroutedel gfsgreset gfsgdel...
GPAC MP4Box 代码问题漏洞
GPAC MP4Box is a open-source multimedia packager from GPAC. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Version 2.4 of GPAC MP4Box has a code vulnerability cause...
OSV-2026-855 Heap-use-after-free in gf_sg_reset
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=519588196 Crash type: Heap-use-after-free READ 8 Crash state: gfsgreset gfsgdel fuzzscene.c...
UBUNTU-CVE-2025-60485
A segmentation violation in the gfisomapplesettagex function /isomedia/isomwrite.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
CVE-2019-20168
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function gfisomboxdumpex in isomedia/boxfuncs.c...
CVE-2022-27145
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gfisomgetsampleformovietime of mp4box...
CVE-2025-60091
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through = 1.2.9...