CVE-2026-15185
- EPSS 0.11%
- Veröffentlicht 09.07.2026 12:30:08
- Zuletzt bearbeitet 09.07.2026 16:19:45
A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub_read_idx of the file /src/media_tools/vobsub.c of the component MP4Box. Executing a manipulation of the argument num_langs can lead to out-of-bounds read. The attack n...
CVE-2026-50810
- EPSS 0.17%
- Veröffentlicht 07.07.2026 00:00:00
- Zuletzt bearbeitet 10.07.2026 18:50:20
A NULL pointer dereference in smooth_parse_stream_index() in src/media_tools/mpd.c in GPAC master HEAD before commit b35c61f104b85fbb16520ac2838d5d2ef70845b5 allows attackers to cause a denial of service
CVE-2025-15668
- EPSS 0.12%
- Veröffentlicht 06.07.2026 11:45:07
- Zuletzt bearbeitet 07.07.2026 15:16:41
A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpd_del_entry of the file src/isomedia/box_code_base.c of the component MP4Box. Such manipulation of the argument data leads to heap-based buffer overflow. Local...
CVE-2025-15667
- EPSS 0.11%
- Veröffentlicht 06.07.2026 11:15:08
- Zuletzt bearbeitet 06.07.2026 19:16:53
A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gf_isom_nalu_sample_rewrite of the file src/isomedia/avc_ext.c of the component MP4Box. This manipulation of the argument nalu_out_bs causes double free. It...
CVE-2026-14801
- EPSS 0.11%
- Veröffentlicht 06.07.2026 06:15:07
- Zuletzt bearbeitet 06.07.2026 18:02:49
A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtin_probe_duration of the file src/filters/load_text.c of the component TeXML File Handler. Such manipulation of the argumen...
CVE-2026-14790
- EPSS 0.12%
- Veröffentlicht 06.07.2026 02:15:09
- Zuletzt bearbeitet 06.07.2026 18:02:49
A flaw has been found in GPAC 26.02.0. This affects the function nhmldump_send_frame of the file src/filters/write_nhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local ac...
CVE-2026-13523
- EPSS 0.11%
- Veröffentlicht 29.06.2026 01:30:08
- Zuletzt bearbeitet 29.06.2026 18:46:31
A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/base_encoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched loc...
CVE-2025-60464
- EPSS 0.14%
- Veröffentlicht 25.06.2026 00:00:00
- Zuletzt bearbeitet 30.06.2026 19:03:47
A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 TS file.
CVE-2025-60465
- EPSS 0.14%
- Veröffentlicht 25.06.2026 00:00:00
- Zuletzt bearbeitet 30.06.2026 19:03:42
A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file.
CVE-2025-60474
- EPSS 0.58%
- Veröffentlicht 24.06.2026 23:16:40
- Zuletzt bearbeitet 29.06.2026 23:26:36
A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.