PT-2026-52558

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf sei load from state internal function located in /filters/sei load.c. This occurs when the software processes a specially crafted MPEG-2 TS file,...

CVE-2025-60464

GPAC MP4Box contains a use-after-free in gf_sei_load_from_state_internal (in /filters/sei_load.c) affecting builds before 26.02.0. This vulnerability can allow a Denial of Service when processing a crafted MPEG-2 TS file. The issue is described across multiple sources (NVD/NVD variant, AttackersK...

CVE-2025-60464

A use-after-free in the gfseiloadfromstateinternal function /filters/seiload.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 TS file...

EUVD-2026-37180

In mfccoregetdecmetadataseinal of mfccoreregapi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0146

In mfccoregetdecmetadataseinal of mfccoreregapi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0146

In mfccoregetdecmetadataseinal of mfccoreregapi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

DEBIAN-CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

UBUNTU-CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

EUVD-2026-36295

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

CVE-2026-53702

The issue CVE-2026-53702 affects the GStreamer H.265 codec parser library (gst-plugins-bad). During buffering period SEI parsing, the loop bound is derived from cpb_cnt_minus1[i] instead of cpb_cnt_minus1[0] from the referenced Sequence Parameter Set, causing writes beyond stack-allocated CPB del...

CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

PT-2026-48725

Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A stack buffer overflow exists in the GStreamer H.265 codec parser library gst-plugins-bad. The issue occurs when parsing a buffering period SEI message, where the parser utilizes an...

gst-plugins-bad 缓冲区错误漏洞

gst-plugins-bad is a GStreamer open-source plugin. gst-plugins-bad has a buffer error vulnerability. This vulnerability stems from the H.265 codec parser library using incorrect loop boundaries when parsing SEI messages during the buffer period. As a result, the CPB values allocated for the stack...

PUB-A-477021934

In mfccoregetdecmetadataseinal of mfccoreregapi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2014-7130

Malware in sbrugna...

EUVD-2025-20240

Malicious code in bioql PyPI...

Malicious code in @zalastax/nolb-_sei (npm)

The package @zalastax/nolb-sei was found to contain malicious code...

MAL-2025-10402 Malicious code in @zalastax/nolb-_sei (npm)

The package @zalastax/nolb-sei was found to contain malicious code...

OSV-2025-622 Heap-buffer-overflow in cc_storage_append

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437855564 Crash type: Heap-buffer-overflow READ 1 Crash state: ccstorageappend ParseSEICallback HxxxParseSEI...

The vulnerability of the naludmx_configure_pid component in the gf_sei_load_from_state function of the internal() function in the filters/sei_load.c file, a multimedia platform for GPAC, allows a attacker to cause a service failure by terminating the application abnormally or executing arbitrary code.

The vulnerability of the naludmxconfigurepid component in the gfseiloadfromstate function of the filters/seiload.c file, within the GPAC multimedia platform, is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure by...