CVE-2026-7135

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...

CVE-2026-4015

A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtinprocesstexml of the file src/filters/loadtext.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit...

CVE-2026-1417

A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dumpisomrtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been made available to the public and coul...

CVE-2025-70299

A heap overflow in the aviparseinputfile function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted AVI file...

EUVD-2020-3909

Malware in sbrugna...

EUVD-2019-10718

Malware in sbrugna...

EUVD-2023-57882

Malicious code in bioql PyPI...

EUVD-2021-32072

Malicious code in bioql PyPI...

EUVD-2023-34291

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-3178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. CVE-2022-3178 Note that Nessus relies on the presence of the package as reported by the...

PT-2025-30079 · Gpac +1 · Gpac +1

Name of the Vulnerable Software and Affected Versions: GPAC versions up to 2.4 Description: A null pointer dereference issue exists in the gf dash download init segment function within the src/media tools/dash client.c file. Manipulation of the base init url argument can trigger this issue. This...

CVE-2024-0322

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV...

CVE-2020-11558

An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audiosampleentryRead in isomedia/boxcodebase.c does not properly decide when to make gfisomboxdel calls. This leads to various use-after-free outcomes involving mdiaRead, gfisomdeletemovie, and gfisomparsemovieboxes...

CVE-2021-30014

There is a integer overflow in mediatools/avparsers.c in the hevcparseslicesegment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash...

CVE-2019-20208

dimCRead in isomedia/boxcode3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow...

Linux Distros Unpatched Vulnerability : CVE-2022-43044

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gfisomgetmetaiteminfo at /isomedia/meta.c...

CVE-2019-20171

An issue was discovered in GPAC version 0.5.2 and 0.9.0-development-20191109. There are memory leaks in metxNew in isomedia/boxcodebase.c and abstRead in isomedia/boxcodeadobe.c...

Linux Distros Unpatched Vulnerability : CVE-2019-20161

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGFIPMPXWatermarkingInit in...

DEBIAN-CVE-2025-25723

Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code...

CVE-2022-3178

Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV...