Debian Gpac vulnerabilities
379 known vulnerabilities affecting debian/gpac.
Total CVEs: 379
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 13, HIGH 119, MEDIUM 203, LOW 44
Vulnerabilities
Page 6 of 19
CVE-2023-3291 | LOW | CVSS 3.3 | 2023
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
Scope: local
bullseye: open
debian
CVE-2023-0817 | LOW | CVSS 7.8 | 2023
CVE-2023-0817 [HIGH] CVE-2023-0817: gpac - Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.
Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.
Scope: local
bullseye: resolved
debian
CVE-2023-1655 | LOW | CVSS 7.8 | 2023
CVE-2023-1655 [HIGH] CVE-2023-1655: gpac - Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.
Scope: local
bullseye: resolved
debian
CVE-2023-46929 | LOW | CVSS 7.5 | 2023
CVE-2023-46929 [HIGH] CVE-2023-46929: gpac - An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc...
An issue was discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 that allows attackers to crash the application.
Scope: local
bullseye: resolved
debian
CVE-2022-36190 | CRITICAL | CVSS 9.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2022
GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2022-1795 | CRITICAL | CVSS 9.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2022
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2022-24578 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2022
GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2022-45202 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2022
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2022-47093 | HIGH | CVSS 7.8 | 2022
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid
Scope: local
bullseye: open
debian
CVE-2022-29340 | HIGH | CVSS 7.5 | 2022
GPAC 2.1-DEV-rev87-g053aae8-master has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.
Scope: local
bullseye: open
debian
CVE-2022-47654 | HIGH | CVSS 7.8 | 2022
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261
Scope: local
bullseye: open
debian
CVE-2022-1441 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2022
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse an MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, the content read from `bs` is controllable by the user, and so is its length, which causes a buffer overflow.
Scope:
debian
CVE-2022-47660 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2022
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 has an integer overflow in isomedia/isom_write.c
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2022-47091 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2022
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2022-38530 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2022
GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2022-47661 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2022
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2022-47663 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2022
GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2022-47095 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2022
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2022-24577 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2022
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. (gf_utf8_wcslen is a renamed Unicode utf8_wcslen function.)
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian
CVE-2022-26967 | HIGH | CVSS 7.8 | fixed in gpac 1.0.1+dfsg1-4+deb11u2 (bullseye) | 2022
GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.
Scope: local
bullseye: resolved (fixed in 1.0.1+dfsg1-4+deb11u2)
debian