Total
365 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1418 | 1 Gpac | 1 Gpac | 2026-02-23 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The name of the patch is 10c73b82cf0e367383d091db38566a0e4fe71772. It is best practice to apply a patch to resolve this issue.
|
|||||
| CVE-2026-1417 | 1 Gpac | 1 Gpac | 2026-02-23 | 1.7 LOW | 3.3 LOW |
|
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: f96bd57c3ccdcde4335a0be28cd3e8fe296993de. Applying a patch is the recommended action to fix this issue.
|
|||||
| CVE-2026-1416 | 1 Gpac | 1 Gpac | 2026-02-23 | 1.7 LOW | 3.3 LOW |
|
A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as d45c264c20addf0c1cc05124ede33f8ffa800e68. It is advisable to implement a patch to correct this issue.
|
|||||
| CVE-2026-1415 | 1 Gpac | 1 Gpac | 2026-02-23 | 1.7 LOW | 3.3 LOW |
|
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is af951b892dfbaaa38336ba2eba6d6a42c25810fd. To fix this issue, it is recommended to deploy a patch.
|
|||||
| CVE-2025-70307 | 1 Gpac | 1 Gpac | 2026-01-30 | N/A | 7.5 HIGH |
|
A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
|
|||||
| CVE-2025-70299 | 1 Gpac | 1 Gpac | 2026-01-30 | N/A | 6.5 MEDIUM |
|
A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.
|
|||||
| CVE-2025-70302 | 1 Gpac | 1 Gpac | 2026-01-23 | N/A | 5.5 MEDIUM |
|
A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
|
|||||
| CVE-2025-70303 | 1 Gpac | 1 Gpac | 2026-01-23 | N/A | 5.5 MEDIUM |
|
A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
|
|||||
| CVE-2025-70298 | 1 Gpac | 1 Gpac | 2026-01-23 | N/A | 8.2 HIGH |
|
GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.
|
|||||
| CVE-2025-70304 | 1 Gpac | 1 Gpac | 2026-01-23 | N/A | 7.5 HIGH |
|
A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
|
|||||
| CVE-2025-70305 | 1 Gpac | 1 Gpac | 2026-01-23 | N/A | 5.5 MEDIUM |
|
A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file.
|
|||||
| CVE-2025-70308 | 1 Gpac | 1 Gpac | 2026-01-23 | N/A | 7.5 HIGH |
|
An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file.
|
|||||
| CVE-2025-70309 | 1 Gpac | 1 Gpac | 2026-01-23 | N/A | 5.5 MEDIUM |
|
A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.
|
|||||
| CVE-2025-70310 | 1 Gpac | 1 Gpac | 2026-01-23 | N/A | 5.5 MEDIUM |
|
A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file.
|
|||||
| CVE-2025-7797 | 1 Gpac | 1 Gpac | 2025-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 153ea314b6b053db17164f8bc3c7e1e460938eaa. It is recommended to apply a patch to fix this issue.
|
|||||
| CVE-2023-46426 | 1 Gpac | 1 Gpac | 2025-09-26 | N/A | 8.8 HIGH |
|
Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via gf_fwrite component in at utils/os_file.c.
|
|||||
| CVE-2023-46427 | 1 Gpac | 1 Gpac | 2025-09-26 | N/A | 9.8 CRITICAL |
|
An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer deference in gf_dash_setup_period component in media_tools/dash_client.c.
|
|||||
| CVE-2024-28318 | 1 Gpac | 1 Gpac | 2025-09-26 | N/A | 7.1 HIGH |
|
gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325
|
|||||
| CVE-2024-28319 | 1 Gpac | 1 Gpac | 2025-09-26 | N/A | 6.2 MEDIUM |
|
gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374
|
|||||
| CVE-2024-24267 | 1 Gpac | 1 Gpac | 2025-09-26 | N/A | 7.5 HIGH |
|
gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
|
|||||
| CVE-2025-25723 | 1 Gpac | 1 Gpac | 2025-09-25 | N/A | 8.4 HIGH |
|
Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code.
|
|||||
| CVE-2023-5520 | 1 Gpac | 1 Gpac | 2025-08-01 | N/A | 7.7 HIGH |
|
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
|
|||||
| CVE-2019-20208 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2025-07-11 | 4.3 MEDIUM | 5.5 MEDIUM |
|
dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow.
|
|||||
| CVE-2024-57184 | 1 Gpac | 1 Gpac | 2025-06-27 | N/A | 5.5 MEDIUM |
|
An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.
|
|||||
| CVE-2023-46929 | 1 Gpac | 1 Gpac | 2025-06-18 | N/A | 7.5 HIGH |
|
An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.
|
|||||
| CVE-2023-50120 | 1 Gpac | 1 Gpac | 2025-06-17 | N/A | 5.5 MEDIUM |
|
MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
|
|||||
| CVE-2024-22749 | 1 Gpac | 1 Gpac | 2025-06-16 | N/A | 7.8 HIGH |
|
GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577
|
|||||
| CVE-2024-24266 | 1 Gpac | 1 Gpac | 2025-06-05 | N/A | 7.5 HIGH |
|
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.
|
|||||
| CVE-2023-46932 | 1 Gpac | 1 Gpac | 2025-05-27 | N/A | 9.8 CRITICAL |
|
Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.
|
|||||
| CVE-2024-24265 | 1 Gpac | 1 Gpac | 2025-05-09 | N/A | 7.5 HIGH |
|
gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.
|
|||||
| CVE-2022-43045 | 1 Gpac | 1 Gpac | 2025-05-09 | N/A | 5.5 MEDIUM |
|
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.
|
|||||
| CVE-2022-43044 | 1 Gpac | 1 Gpac | 2025-05-09 | N/A | 5.5 MEDIUM |
|
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.
|
|||||
| CVE-2022-43043 | 1 Gpac | 1 Gpac | 2025-05-09 | N/A | 5.5 MEDIUM |
|
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.
|
|||||
| CVE-2022-43042 | 1 Gpac | 1 Gpac | 2025-05-09 | N/A | 7.8 HIGH |
|
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.
|
|||||
| CVE-2022-43040 | 1 Gpac | 1 Gpac | 2025-05-09 | N/A | 7.8 HIGH |
|
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.
|
|||||
| CVE-2022-43039 | 1 Gpac | 1 Gpac | 2025-05-08 | N/A | 5.5 MEDIUM |
|
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.
|
|||||
| CVE-2022-43255 | 1 Gpac | 1 Gpac | 2025-05-02 | N/A | 5.5 MEDIUM |
|
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.
|
|||||
| CVE-2022-43254 | 1 Gpac | 1 Gpac | 2025-05-02 | N/A | 5.5 MEDIUM |
|
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c.
|
|||||
| CVE-2022-45343 | 1 Gpac | 1 Gpac | 2025-05-02 | N/A | 7.8 HIGH |
|
GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.
|
|||||
| CVE-2022-45204 | 1 Gpac | 1 Gpac | 2025-04-25 | N/A | 5.5 MEDIUM |
|
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.
|
|||||