ALT-PU-2021-1569-1
Closed vulnerabilities
BDU:2022-01659
Уязвимость функции gf_fprintf компонента os_file.c мультимедийной платформы GPAC, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2022-01662
Уязвимость функции DumpRawUIConfig компонента odf_dump.c мультимедийной платформы GPAC, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2022-01862
Уязвимость функции vwid_box_del компонента box_code_base.c мультимедийной платформы GPAC, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01869
Уязвимость функции ilst_item_box_dump компонента box_dump.c мультимедийной платформы GPAC, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-23928
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.
- https://cwe.mitre.org/data/definitions/126.html
- https://cwe.mitre.org/data/definitions/126.html
- https://github.com/gpac/gpac/commit/8e05648d6b4459facbc783025c5c42d301fef5c3
- https://github.com/gpac/gpac/commit/8e05648d6b4459facbc783025c5c42d301fef5c3
- https://github.com/gpac/gpac/issues/1568
- https://github.com/gpac/gpac/issues/1568
- https://github.com/gpac/gpac/issues/1569
- https://github.com/gpac/gpac/issues/1569
Modified: 2024-11-21
CVE-2020-23930
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.
Modified: 2024-11-21
CVE-2020-23931
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.
- https://cwe.mitre.org/data/definitions/126.html
- https://cwe.mitre.org/data/definitions/126.html
- https://github.com/gpac/gpac/commit/093283e727f396130651280609e687cd4778e0d1
- https://github.com/gpac/gpac/commit/093283e727f396130651280609e687cd4778e0d1
- https://github.com/gpac/gpac/issues/1564
- https://github.com/gpac/gpac/issues/1564
- https://github.com/gpac/gpac/issues/1567
- https://github.com/gpac/gpac/issues/1567
Modified: 2024-11-21
CVE-2020-23932
An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service.
Modified: 2024-11-21
CVE-2021-32268
Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac before 1.0.1 allows attackers to execute arbitrary code. The fixed version is 1.0.1.
Modified: 2024-11-21
CVE-2021-32269
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service.
Modified: 2024-11-21
CVE-2021-32270
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service.
Modified: 2024-11-21
CVE-2021-32271
An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_dump.c. It allows an attacker to cause code Execution.
Modified: 2024-11-21
CVE-2021-40592
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.