CVE-2025-55659
- EPSS 0.35%
- Veröffentlicht 09.06.2026 00:00:00
- Zuletzt bearbeitet 14.06.2026 00:16:19
A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
CVE-2026-9572
- EPSS 0.16%
- Veröffentlicht 26.05.2026 18:30:10
- Zuletzt bearbeitet 28.05.2026 14:32:47
A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack ca...
CVE-2026-9567
- EPSS 0.12%
- Veröffentlicht 26.05.2026 17:45:10
- Zuletzt bearbeitet 26.05.2026 19:37:00
A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached lo...
CVE-2026-8124
- EPSS 0.16%
- Veröffentlicht 08.05.2026 01:15:10
- Zuletzt bearbeitet 14.05.2026 18:02:30
A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit...
CVE-2026-39103
- EPSS 0.11%
- Veröffentlicht 05.05.2026 16:16:12
- Zuletzt bearbeitet 29.05.2026 14:44:41
Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_strings(), gf_svg_parse_attribute()
CVE-2026-7135
- EPSS 0.11%
- Veröffentlicht 27.04.2026 15:15:11
- Zuletzt bearbeitet 29.04.2026 01:00:01
A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the component MP4Box. Performing a manipulation of the argu...
CVE-2026-33144
- EPSS 0.17%
- Veröffentlicht 20.03.2026 20:07:58
- Zuletzt bearbeitet 14.04.2026 18:21:42
GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gf_xml_parse_bit_sequence_bs function in utils/xml_bin_custom.c wh...
CVE-2026-4185
- EPSS 0.25%
- Veröffentlicht 15.03.2026 18:32:08
- Zuletzt bearbeitet 29.04.2026 01:00:01
A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box. The manipulation of the argument szName results in...
CVE-2026-4016
- EPSS 0.12%
- Veröffentlicht 12.03.2026 08:32:13
- Zuletzt bearbeitet 29.04.2026 01:00:01
A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipulation leads to out-of-bounds write. Local access is ...
CVE-2026-4015
- EPSS 0.13%
- Veröffentlicht 12.03.2026 08:32:09
- Zuletzt bearbeitet 29.04.2026 01:00:01
A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to...