Total
341 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-30020 | 1 Gpac | 1 Gpac | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop. | |||||
CVE-2020-35981 | 1 Gpac | 1 Gpac | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c. | |||||
CVE-2021-31261 | 1 Gpac | 1 Gpac | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command. | |||||
CVE-2021-21860 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2021-30015 | 1 Gpac | 1 Gpac | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal. | |||||
CVE-2020-23931 | 1 Gpac | 1 Gpac | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | |||||
CVE-2021-21841 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2021-21855 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2021-28300 | 1 Gpac | 1 Gpac | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file. | |||||
CVE-2021-32439 | 1 Gpac | 1 Gpac | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | |||||
CVE-2021-21854 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2021-31254 | 1 Gpac | 1 Gpac | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes. | |||||
CVE-2021-31257 | 1 Gpac | 1 Gpac | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||||
CVE-2020-23928 | 1 Gpac | 1 Gpac | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | |||||
CVE-2021-21848 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2021-21856 | 1 Gpac | 1 Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2021-32438 | 1 Gpac | 1 Gpac | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||||
CVE-2021-30014 | 1 Gpac | 1 Gpac | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash. | |||||
CVE-2021-30019 | 1 Gpac | 1 Gpac | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy. | |||||
CVE-2021-21837 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. |