18 matches found
CVE-2019-20088
CVE-2019-20088 refers to the GoPro GPMF-parser version 1.2.3, which has a heap-based buffer over-read in the GetPayload function of GPMF_mp4reader.c. The vulnerability is documented across multiple sources (NVD, Red Hat CVE page, etc.), with CVSS v3.1 scores indicating a HIGH severity if exploite...
CVE-2019-20087
GoPro GPMF-parser 1.2.3 is affected by a heap-based buffer over-read in GPMF_seekToSamples (GPMF-parse.c) related to the "matching tags" feature. The issue is reported across multiple sources (NVD, Red Hat, OSV, CVE lists) and is tied to CVE-2019-20087. The vulnerability description consistently ...
CVE-2019-20086
GoPro GPMF-parser 1.2.3 is vulnerable due to a heap-based buffer over-read in GPMF_Next (GPMF_parser.c). Affected component: GPMF-parser within GoPro products. Root cause: heap-based over-read in GPMF_Next; no further exploit details are provided in the connected documents. CVSS data from the ini...
CVE-2019-20089
Affected software: GoPro GPMF-parser 1.2.3. Issue: a heap-based buffer over-read in GPMF_SeekToSamples within GPMF_parse.c used for size calculation. Root cause per description: reading beyond allocated memory boundaries, enabling an out-of-bounds read. Impact described in the sources as a heap/b...
CVE-2020-16161
The CVE-2020-16161 entry concerns GoPro gpmf-parser 1.5, with a division-by-zero vulnerability in GPMF_ScaledData() when parsing malicious input. This can cause a crash (availability impact) as noted in the description and CVSS metrics (base score 5.0/7.5 depending on vector). The provided docume...
CVE-2018-13008
CVE-2018-13008 affects the gpmf-parser 1.1.2 library. The vulnerability is a heap-based buffer over-read in the function the documents name as GPMF_Next inside GPMF_parser.c, triggered by certain checks for a positive nest_level. The connected records corroborate this as the same issue across mul...
CVE-2018-13009
The CVE-2018-13009 entry concerns gpmf-parser 1.1.2, with a heap-based buffer over-read in GPMF_Next of GPMF_parser.c caused by certain checks for GPMF_KEY_END and nest_level (conditional on buffer_size_longs). Impact is high per CVSS (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). No remediation details ...
CVE-2020-16158
CVE-2020-16158 concerns GoPro’s gpmf-parser up to version 1.5, where a stack out-of-bounds write occurs in the function GPMF_ExpandComplexTYPE() . Parsing crafted input can lead to a crash or potentially arbitrary code execution. The connected documents reaffirm the same description across multip...
CVE-2018-13007
CVE-2018-13007 affects gpmf-parser 1.1.2. The issue is a heap-based buffer over-read in GPMF_Next of GPMF_parser.c, linked to checks for GPMF_KEY_END and nest_level that are not conditioned on a buffer_size_longs check. Public sources describe a heap-based out-of-bounds read with high/critical im...
CVE-2018-13011
CVE-2018-13011 affects gpmf-parser version 1.1.2. The issue is a heap-based buffer over-read in GPMF_Validate (GPMF_parser.c), as described across multiple sources (NVD entry, CNVD, OSV, CVELIST). The vulnerability’s CVSSv3 base metrics indicate NETWORK vector, no user interaction, and HIGH impac...
CVE-2019-15148
GoPro GPMF-parser 1.2.2 contains an out-of-bounds write in OpenMP4Source (demo/GPMF_mp4reader.c). The provided documents do not specify exploit details, affected versions beyond 1.2.2, or remediation steps; no in-the-wild exploit information is given. Monitor for official fixes or advisories in u...
CVE-2020-16159
CVE-2020-16159 affects GoPro gpmf-parser 1.5. The issue is a heap out-of-bounds read in GPMF_ScaledData(), triggered by parsing malicious input, leading to a crash and potential information disclosure. Documents do not provide affected product versions beyond 1.5, exploitation details, or remedia...
CVE-2020-16160
CVE-2020-16160 affects GoPro gpmf-parser 1.5. The root cause is a division-by-zero in the function GPMF_Decompress() when parsing input, which can lead to a crash. The vulnerability’s impact as per the data indicates availability disruption (CVSS3.1 base score 7.5, HIGH) but no exploitation detai...
CVE-2018-13026
CVE-2018-13026 affects gpmf-parser version 1.1.2. The vulnerability is a heap-based buffer over-read in the function GPMF_Type within GPMF_parser.c. CNVD/CNVD-2019-34685 explicitly states the issue is a heap buffer overflow in GPMF_Type and notes an attacker can exploit this to cause a heap buffe...
CVE-2018-18699
GoPro gpmf-parser 1.2.1 is affected by an out-of-bounds write in OpenMP4Source (GPMF_mp4reader.c). This CVE (CVE-2018-18699) is documented across multiple feeds (NVD, Red Hat, CNVD, osv, CVE lists) with a high-impact profile (NVD CVSSv3: 8.8, NETWORK, privileges NONE, UI REQUIRED; confidentiality...
CVE-2019-15146
CVE-2019-15146 affects the GoPro GPMF-parser v1.2.2 . The vulnerability is a heap-based buffer over-read (4 bytes) in the function GPMF_Next within GPMF_parser.c . The incident arises from improper memory boundary checks, allowing reads past the allocated buffer. Documented impact in CVE entries ...
CVE-2019-15147
CVE-2019-15147 affects GoPro GPMF-parser 1.2.2. The connected records confirm a vulnerability in GPMF_Next in GPMF_parser.c causing an out-of-bounds read and a SEGV. No explicit exploit details, impact clarifications, or remediation are provided in the sources beyond the description. Other entrie...
CVE-2018-18190
CVE-2018-18190 affects GoPro gpmf-parser before 1.2.1. The issue is a divide-by-zero in the function GPMF_ScaledData within GPMF_parser.c that can cause a crash. Affected component is the GPMF data parser used by GoPro cameras. Public references indicate the vulnerability exists in versions prior...