CVE-2025-60481
- EPSS 0.14%
- Veröffentlicht 01.06.2026 00:00:00
- Zuletzt bearbeitet 02.06.2026 00:16:32
A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.
CVE-2025-60483
- EPSS 0.14%
- Veröffentlicht 01.06.2026 00:00:00
- Zuletzt bearbeitet 02.06.2026 00:16:32
A NULL pointer dereference in the gf_ac4_pres_b_4_back_channels_present function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.
CVE-2025-60485
- EPSS 0.14%
- Veröffentlicht 01.06.2026 00:00:00
- Zuletzt bearbeitet 02.06.2026 00:16:32
A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
CVE-2025-60495
- EPSS 0.13%
- Veröffentlicht 01.06.2026 00:00:00
- Zuletzt bearbeitet 02.06.2026 00:16:33
A segmentation violation in the gf_media_get_color_info function (/media_tools/isom_tools.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted data file.
CVE-2025-70116
- EPSS 0.41%
- Veröffentlicht 27.05.2026 00:00:00
- Zuletzt bearbeitet 01.06.2026 18:09:03
A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields (e.g., codec/mime/profile strings). gf_media_map_esd then calls strlen() on a NULL pointer, tri...
CVE-2022-47090
- EPSS 0.25%
- Veröffentlicht 24.01.2025 14:15:29
- Zuletzt bearbeitet 15.04.2026 00:35:42
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c, check needed for num_exp_tile_columns
CVE-2021-41458
- EPSS 0.57%
- Veröffentlicht 16.06.2022 10:15:09
- Zuletzt bearbeitet 21.11.2024 06:26:16
In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability.
CVE-2021-41456
- EPSS 1.2%
- Veröffentlicht 01.10.2021 12:15:07
- Zuletzt bearbeitet 21.11.2024 06:26:16
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.
CVE-2021-41459
- EPSS 1.21%
- Veröffentlicht 01.10.2021 12:15:07
- Zuletzt bearbeitet 21.11.2024 06:26:16
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.
CVE-2021-41457
- EPSS 1.17%
- Veröffentlicht 01.10.2021 12:15:07
- Zuletzt bearbeitet 21.11.2024 06:26:16
There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.