Filtered by vendor Gpac
Subscribe
Total
341 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32136 | 1 Gpac | 1 Gpac | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | |||||
CVE-2021-30020 | 1 Gpac | 1 Gpac | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop. | |||||
CVE-2021-30015 | 1 Gpac | 1 Gpac | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal. | |||||
CVE-2021-21862 | 1 Gpac | 1 Gpac | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption The implementation of the parser used for the “Xtra” FOURCC code is handled. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2020-35979 | 1 Gpac | 1 Gpac | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c. | |||||
CVE-2021-31260 | 1 Gpac | 1 Gpac | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||||
CVE-2021-21845 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2020-19481 | 1 Gpac | 1 Gpac | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | |||||
CVE-2021-31262 | 1 Gpac | 1 Gpac | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||||
CVE-2021-21838 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2021-21839 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2020-19751 | 1 Gpac | 1 Gpac | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read. | |||||
CVE-2021-21847 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2021-21856 | 1 Gpac | 1 Gpac | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2021-21836 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the “ctts” FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2020-35982 | 1 Gpac | 1 Gpac | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c. | |||||
CVE-2021-32439 | 1 Gpac | 1 Gpac | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | |||||
CVE-2021-21860 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2021-21855 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2021-21861 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. |