
47 matches found

Debian CVE
added 2026/03/11 7:2 p.m. | 3 views

CVE-2026-3950

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

CVSS 4.8 | AI score 3.9 | EPSS 0.00019
Exploits 0

CVE
added 2026/03/11 7:2 p.m. | 6 views

CVE-2026-3950

CVE-2026-3950 affects strukturag libheif up to 1.21.2. The issue occurs in Track::load (libheif/sequences/track.cc, stsz/stts) and causes an out-of-bounds read. Exploitation requires local access; exploit code is publicly available. A patch exists but is unofficial/not officially approved. Remedi...

CVSS 4.8 | AI score 5.2 | EPSS 0.00019
Exploits 0 | References 7

Cvelist
added 2026/03/11 7:2 p.m. | 27 views

CVE-2026-3950 strukturag libheif stsz/stts track.cc load out-of-bounds

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

CVSS 4.8 | EPSS 0.00019
Exploits 0 | References 7

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-1323

Malware in sbrugna...

CVSS 9.3 | AI score 6.1 | EPSS 0.03439
Exploits 1 | References 3

Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-35306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the function AP4_StszAtom::WriteFields located in Ap4StszAtom.cpp. It...

CVSS 6.5 | AI score 6.6 | EPSS 0.00309
Exploits 1 | References 2

Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-14261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. It is possible to exploit...

CVSS 7.8 | AI score 7.2 | EPSS 0.00218
Exploits 1 | References 2

RedhatCVE
added 2025/05/22 11:25 p.m. | 2 views

CVE-2022-40775

An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields...

CVSS 5.5 | AI score 5.4 | EPSS 0.00088
Exploits 1 | References 1

OSV
added 2024/11/01 4:42 p.m. | 2 views

CLSA-2024-1730478623 Fix CVE(s): CVE-2023-7347, CVE-2024-7347

SECURITY UPDATE: mp4 module allows buffer underread and unordered chunks - debian/patches/CVE-2024-7347.patch: fix buffer underread while updating stsz atom and reject unordered chunks - CVE-2023-7347...

CVSS 5.7 | AI score 6.8 | EPSS 0.00202
Exploits 0 | References 1

BDU FSTEC
added 2024/06/03 12:0 a.m. | 1 views

The vulnerability of the AP4_StszAtom::GetSampleSize() function in the ISO-MP4 Bento4 file reading and writing library allows a hacker to cause a service failure.

The vulnerability of the AP4_StszAtom::GetSampleSize function in the ISO-MP4 file reading and writing library in Bento4 is related to the use of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5 | AI score 5.9 | EPSS 0.0002
Exploits 1 | References 5 | Affected Software 1

Veracode
added 2023/11/02 6:41 a.m. | 26 views

Heap Buffer Overflow

libgpac.so is vulnerable to Heap Buffer Overflow. The vulnerability is due to the gf_isom_use_compact_size function in isom_write.c which does not check the value of stsz->sampleCount. This allows an attacker to craft a scenario where stsz->sampleSize is non-zero, and stsz->sampleCount is zero. This lead...

CVSS 5.5 | AI score 7.2 | EPSS 0.00079
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2022/09/18 7:15 p.m. | 2 views

CVE-2022-40775

An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields...

CVSS 5.5 | AI score 6.1 | EPSS 0.00088
Exploits 1 | References 2

ATTACKERKB
added 2022/09/18 7:15 p.m. | 1 views

CVE-2022-40774

An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize...

CVSS 5.5 | AI score 5.8 | EPSS 0.00088
Exploits 1 | References 2

OSV
added 2022/09/18 7:15 p.m. | 0 views

UBUNTU-CVE-2022-40775

An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields...

CVSS 5.5 | AI score 5.8 | EPSS 0.00088
Exploits 1 | References 2

CNNVD
added 2022/09/18 12:0 a.m. | 1 views

Bento4 code issue vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4 1.6.0-639 and earlier versions that stems from a null pointer dereference in its AP4_StszAtom::WriteFields component...

CVSS 5.5 | AI score 5.7 | EPSS 0.00088
Exploits 1 | References 2

OSV
added 2021/08/25 7:15 p.m. | 3 views

DEBIAN-CVE-2021-21848

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause a...

CVSS 8.8 | AI score 8.4 | EPSS 0.00245
Exploits 1 | References 1

OSV
added 2021/08/18 1:15 p.m. | 1 views

DEBIAN-CVE-2021-21846

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffe...

CVSS 8.8 | AI score 8.4 | EPSS 0.00509
Exploits 1 | References 1

OSV
added 2021/08/18 1:15 p.m. | 0 views

UBUNTU-CVE-2021-21846

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffe...

CVSS 8.8 | AI score 7.5 | EPSS 0.00509
Exploits 1 | References 3

CNNVD
added 2021/08/16 12:0 a.m. | 1 views

GPAC Project Advanced Content buffer error vulnerability

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. An integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

CVSS 8.8 | AI score 6 | EPSS 0.00509
Exploits 1 | References 7

OSV
added 2021/08/05 8:15 p.m. | 1 views

UBUNTU-CVE-2021-35306

An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the function AP4_StszAtom::WriteFields located in Ap4StszAtom.cpp. It allows an attacker to cause a denial of service (DOS)...

CVSS 6.5 | AI score 5.8 | EPSS 0.00309
Exploits 1 | References 2

CNVD
added 2017/09/12 12:0 a.m. | 1 views

Bento4 Ap4StszAtom.cpp file buffer overflow vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files. A buffer overflow vulnerability exists in the AP4_StszAtom class of the Ap4StszAtom.cpp file of the SDK in Bento4 version 1.5.0-616. A remote attacker can exploit this vulnerability to cause a denial of service or execute...

CVSS 7.8 | AI score 8.1 | EPSS 0.00218
Exploits 1 | References 1