Debian Gpac vulnerabilities
379 known vulnerabilities affecting debian/gpac.
Total CVEs: 379
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 13, HIGH 119, MEDIUM 203, LOW 44
Vulnerabilities
Page 2 of 19
CVE-2025-70305 | MEDIUM | CVSS 5.5 | 2025
A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file.
Scope: local
bullseye: open
debian
CVE-2024-0322 | CRITICAL | CVSS 9.1 | 2024
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
Scope: local
bullseye: open
debian
CVE-2024-0321 | CRITICAL | CVSS 9.8 | 2024
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
Scope: local
bullseye: open
debian
CVE-2024-24265 | HIGH | CVSS 7.5 | 2024
gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.
Scope: local
bullseye: open
debian
CVE-2024-28318 | HIGH | CVSS 7.1 | 2024
gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325.
Scope: local
bullseye: open
debian
CVE-2024-24267 | HIGH | CVSS 7.5 | 2024
gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
Scope: local
bullseye: open
debian
CVE-2024-22749 | HIGH | CVSS 7.8 | 2024
GPAC v2.3 was detected to contain a buffer overflow via the gf_isom_new_generic_sample_description function in isomedia/isom_write.c:4577.
Scope: local
bullseye: open
debian
CVE-2024-24266 | HIGH | CVSS 7.5 | 2024
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.
Scope: local
bullseye: open
debian
CVE-2024-50664 | HIGH | CVSS 7.8 | 2024
gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box.
Scope: local
bullseye: open
debian
CVE-2024-57184 | MEDIUM | CVSS 5.5 | fixed in gpac 1.0.1+dfsg1-2 (bullseye) | 2024
An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DoS) via a crafted MP4 file.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-2)
debian
CVE-2024-6063 | MEDIUM | CVSS 4.8 | 2024
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The pat
debian
CVE-2024-6064 | MEDIUM | CVSS 4.8 | 2024
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local access is required to approach this attack. The exploit has been disclosed to the public and may
debian
CVE-2024-28319 | MEDIUM | CVSS 6.2 | 2024
gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period at media_tools/dash_client.c:6374.
Scope: local
bullseye: open
debian
CVE-2024-50665 | MEDIUM | CVSS 5.5 | 2024
gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box.
Scope: local
bullseye: open
debian
CVE-2024-6062 | MEDIUM | CVSS 4.8 | 2024
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be
debian
CVE-2024-6061 | MEDIUM | CVSS 4.8 | 2024
A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is possible to launch the attack on the local host. The exploit has been disclosed to the public
debian
CVE-2023-2838 | CRITICAL | CVSS 9.1 | 2023
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
Scope: local
bullseye: open
debian
CVE-2023-46427 | CRITICAL | CVSS 9.8 | 2023
An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master that allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a null pointer dereference in the gf_dash_setup_period component in media_tools/dash_client.c.
Scope: local
bullseye: open
debian
CVE-2023-46932 | CRITICAL | CVSS 9.8 | 2023
Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.
Scope: local
bullseye: open
debian
CVE-2023-2840 | CRITICAL | CVSS 9.8 | 2023
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
Scope: local
bullseye: open
debian