Vulnerabilities > Gpac > High

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2022-29339 Reachable Assertion vulnerability in Gpac
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service.
network
low complexity
gpac CWE-617
7.5
7.5
2022-05-05 CVE-2022-29340 NULL Pointer Dereference vulnerability in Gpac
GPAC 2.1-DEV-rev87-g053aae8-master.
network
low complexity
gpac CWE-476
7.5
7.5
2022-04-25 CVE-2022-1441 Out-of-bounds Read vulnerability in multiple products
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion.
local
low complexity
gpac debian CWE-125
7.8
7.8
2022-03-14 CVE-2022-24578 Out-of-bounds Write vulnerability in Gpac 1.0.1
GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c.
local
low complexity
gpac CWE-787
7.8
7.8
2022-03-14 CVE-2022-24577 NULL Pointer Dereference vulnerability in Gpac 1.0.1
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen.
local
low complexity
gpac CWE-476
7.8
7.8
2022-03-14 CVE-2022-24575 Out-of-bounds Write vulnerability in Gpac 1.0.1
GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box.
local
low complexity
gpac CWE-787
7.8
7.8
2022-03-12 CVE-2022-26967 Out-of-bounds Write vulnerability in Gpac 2.0
GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode.
local
low complexity
gpac CWE-787
7.8
7.8
2022-01-13 CVE-2021-40574 Double Free vulnerability in Gpac 1.0.1
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
local
low complexity
gpac CWE-415
7.8
7.8
2022-01-13 CVE-2021-40568 Classic Buffer Overflow vulnerability in Gpac
A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
local
low complexity
gpac CWE-120
7.8
7.8
2022-01-13 CVE-2021-40570 Double Free vulnerability in Gpac 1.0.1
The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
local
low complexity
gpac CWE-415
7.8
7.8