Total
316 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-45831 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service. | |||||
CVE-2021-32135 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||||
CVE-2021-46236 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
CVE-2021-44927 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash. | |||||
CVE-2021-44926 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in the gf_node_get_tag function, which causes a segmentation fault and application crash. | |||||
CVE-2021-45291 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. | |||||
CVE-2021-45760 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last(). This vulnerability allows attackers to cause a Denial of Service (DoS). | |||||
CVE-2021-32138 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||||
CVE-2020-22678 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. | |||||
CVE-2020-25427 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service. | |||||
CVE-2021-46042 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service. | |||||
CVE-2021-45297 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size. | |||||
CVE-2020-22679 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input. | |||||
CVE-2021-33361 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | |||||
CVE-2021-46240 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
CVE-2021-33362 | 1 Gpac | 1 Gpac | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | |||||
CVE-2021-31258 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||||
CVE-2021-32437 | 1 Gpac | 1 Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||||
CVE-2021-21847 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
CVE-2021-21856 | 1 Gpac | 1 Gpac | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. |