CVE-2026-27821
- EPSS 0.27%
- Veröffentlicht 26.02.2026 00:16:26
- Zuletzt bearbeitet 11.03.2026 23:23:32
GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/filters/dmx_nhml.c`. The value of the xmlHeaderEnd XML attribute is copied from att->value into szXm...
CVE-2026-1418
- EPSS 0.22%
- Veröffentlicht 26.01.2026 04:02:06
- Zuletzt bearbeitet 29.04.2026 01:00:01
A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. The a...
CVE-2026-1417
- EPSS 0.2%
- Veröffentlicht 26.01.2026 03:32:07
- Zuletzt bearbeitet 29.04.2026 01:00:01
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The explo...
CVE-2026-1416
- EPSS 0.2%
- Veröffentlicht 26.01.2026 03:02:07
- Zuletzt bearbeitet 29.04.2026 01:00:01
A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from ...
CVE-2026-1415
- EPSS 0.15%
- Veröffentlicht 26.01.2026 02:32:08
- Zuletzt bearbeitet 29.04.2026 01:00:01
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carri...
CVE-2025-70305
- EPSS 0.19%
- Veröffentlicht 15.01.2026 17:16:05
- Zuletzt bearbeitet 23.01.2026 17:35:08
A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file.
CVE-2025-70309
- EPSS 0.14%
- Veröffentlicht 15.01.2026 00:00:00
- Zuletzt bearbeitet 23.01.2026 17:34:42
A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.
CVE-2025-70304
- EPSS 0.34%
- Veröffentlicht 15.01.2026 00:00:00
- Zuletzt bearbeitet 23.01.2026 17:36:45
A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVE-2025-70308
- EPSS 0.32%
- Veröffentlicht 15.01.2026 00:00:00
- Zuletzt bearbeitet 23.01.2026 17:34:53
An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file.
CVE-2025-70310
- EPSS 0.14%
- Veröffentlicht 15.01.2026 00:00:00
- Zuletzt bearbeitet 23.01.2026 17:34:23
A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file.