AVG-1823 log

Package gpac
Status Vulnerable
Severity Medium
Type multiple issues
Affected 1:1.0.1-1
Fixed Unknown
Current 1:2.2.1-2 [extra]
Ticket Create
Created Wed Apr 14 14:56:53 2021
Issue Severity Remote Type Description
CVE-2021-36584 Low Yes Denial of service
An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_builder_do_tx3g function in ietf/rtp_pck_3gpp.c, as...
CVE-2021-33366 Medium Yes Information disclosure
A memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-33365 Medium Yes Information disclosure
A memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-33364 Medium Yes Information disclosure
A memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-33363 Medium Yes Information disclosure
A memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-33362 Medium Yes Arbitrary code execution
A stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary...
CVE-2021-33361 Medium Yes Information disclosure
A memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-32440 Low Yes Denial of service
The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-32439 Medium Yes Arbitrary code execution
A buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-32438 Low Yes Denial of service
The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-32437 Low Yes Denial of service
The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-32139 Low Yes Denial of service
The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-32138 Low Yes Denial of service
The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-32137 Medium Yes Arbitrary code execution
A heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code...
CVE-2021-32136 Medium Yes Arbitrary code execution
A heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-32135 Low Yes Denial of service
The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-32134 Low Yes Denial of service
The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-32132 Low Yes Denial of service
The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31262 Low Yes Denial of service
The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31261 Medium Yes Information disclosure
The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.
CVE-2021-31260 Low Yes Denial of service
The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31259 Low Yes Denial of service
The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted...
CVE-2021-31258 Low Yes Denial of service
The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the...
CVE-2021-31257 Low Yes Denial of service
The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVE-2021-31256 Medium Yes Information disclosure
A memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-31255 Medium Yes Arbitrary code execution
A buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-31254 Medium Yes Arbitrary code execution
A buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a...
CVE-2021-30199 Low Yes Denial of service
In filters/reframe_latm.c in GPAC 1.0.1 there is a null pointer dereference when gf_filter_pck_get_data is called. The first arg pck may be null with a...
CVE-2021-30022 Low Yes Denial of service
There is an integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not...
CVE-2021-30020 Medium Yes Arbitrary code execution
In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file,...
CVE-2021-30019 Medium Yes Arbitrary code execution
In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size,...
CVE-2021-30015 Low Yes Denial of service
There is a null pointer dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function...
CVE-2021-30014 Low Yes Denial of service
There is an integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash.
CVE-2021-29279 Medium Yes Arbitrary code execution
There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. value->value.data.size can be a negative number, in...
CVE-2021-28300 Medium Yes Arbitrary code execution
A null pointer dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a...
CVE-2021-21862 Medium Yes Arbitrary code execution
Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library...
CVE-2021-21861 Medium Yes Arbitrary code execution
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When...
CVE-2021-21860 Medium Yes Arbitrary code execution
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A...
CVE-2021-21859 Medium Yes Arbitrary code execution
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The...
CVE-2021-21858 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21857 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21856 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21855 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21854 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21853 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21852 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21851 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21850 Medium Yes Arbitrary code execution
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A...
CVE-2021-21849 Medium Yes Arbitrary code execution
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A...
CVE-2021-21848 Medium Yes Arbitrary code execution
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The...
CVE-2021-21847 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21846 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21845 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21844 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21843 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21842 Medium Yes Arbitrary code execution
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A...
CVE-2021-21841 Medium Yes Arbitrary code execution
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A...
CVE-2021-21840 Medium Yes Arbitrary code execution
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A...
CVE-2021-21839 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21838 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21837 Medium Yes Arbitrary code execution
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1....
CVE-2021-21836 Medium Yes Arbitrary code execution
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A...
CVE-2021-21835 Medium Yes Arbitrary code execution
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A...
CVE-2021-21834 Medium Yes Arbitrary code execution
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A...
CVE-2020-35982 Low Yes Denial of service
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in...
CVE-2020-35981 Low Yes Denial of service
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
CVE-2020-35980 Medium Yes Arbitrary code execution
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
CVE-2020-35979 Medium Yes Arbitrary code execution
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.