Vulnerabilities (CVE)

Filtered by vendor Gpac Subscribe
Total 129 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-22673 1 Gpac 1 Gpac 2021-10-18 4.3 MEDIUM 5.5 MEDIUM
Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.
CVE-2020-22679 1 Gpac 1 Gpac 2021-10-18 4.3 MEDIUM 5.5 MEDIUM
Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.
CVE-2020-22678 1 Gpac 1 Gpac 2021-10-18 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.
CVE-2020-22677 1 Gpac 1 Gpac 2021-10-18 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.
CVE-2020-22675 1 Gpac 1 Gpac 2021-10-18 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.
CVE-2020-22674 1 Gpac 1 Gpac 2021-10-18 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input.
CVE-2021-21834 2 Debian, Gpac 2 Debian Linux, Gpac 2021-10-18 6.8 MEDIUM 8.8 HIGH
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the “co64” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21861 2 Debian, Gpac 2 Debian Linux, Gpac 2021-10-18 6.8 MEDIUM 8.8 HIGH
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21837 2 Debian, Gpac 2 Debian Linux, Gpac 2021-10-18 6.8 MEDIUM 8.8 HIGH
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21860 2 Debian, Gpac 2 Debian Linux, Gpac 2021-10-18 6.8 MEDIUM 8.8 HIGH
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21859 2 Debian, Gpac 2 Debian Linux, Gpac 2021-10-18 6.8 MEDIUM 8.8 HIGH
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-41457 1 Gpac 1 Mp4box 2021-10-07 5.0 MEDIUM 7.5 HIGH
There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.
CVE-2021-41456 1 Gpac 1 Mp4box 2021-10-07 5.0 MEDIUM 7.5 HIGH
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.
CVE-2021-41459 1 Gpac 1 Mp4box 2021-10-07 5.0 MEDIUM 7.5 HIGH
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.
CVE-2021-21843 2 Debian, Gpac 2 Debian Linux, Gpac 2021-10-07 6.8 MEDIUM 8.8 HIGH
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will multiply the count by the size of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an integer overflow causing the space of the array being allocated to be less than expected. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21848 2 Debian, Gpac 2 Debian Linux, Gpac 2021-10-07 6.8 MEDIUM 8.8 HIGH
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21849 2 Debian, Gpac 2 Debian Linux, Gpac 2021-10-07 6.8 MEDIUM 8.8 HIGH
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21839 2 Debian, Gpac 2 Debian Linux, Gpac 2021-10-07 6.8 MEDIUM 8.8 HIGH
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21844 2 Debian, Gpac 2 Debian Linux, Gpac 2021-10-07 6.8 MEDIUM 8.8 HIGH
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the “stco” FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21850 2 Debian, Gpac 2 Debian Linux, Gpac 2021-10-07 6.8 MEDIUM 8.8 HIGH
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.