Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-29340

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 May, 2022 | 12:46
Updated At-03 Aug, 2024 | 06:17
Rejected At-
Credits

GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 May, 2022 | 12:46
Updated At:03 Aug, 2024 | 06:17
Rejected At:
▼CVE Numbering Authority (CNA)

GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/gpac/gpac/issues/2163
x_refsource_MISC
https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0
x_refsource_MISC
Hyperlink: https://github.com/gpac/gpac/issues/2163
Resource:
x_refsource_MISC
Hyperlink: https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/gpac/gpac/issues/2163
x_refsource_MISC
x_transferred
https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/gpac/gpac/issues/2163
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 May, 2022 | 13:15
Updated At:13 May, 2022 | 18:28

GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
GPAC
gpac
>>gpac>>Versions before 2022-04-12(exclusive)
cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0cve@mitre.org
Patch
Third Party Advisory
https://github.com/gpac/gpac/issues/2163cve@mitre.org
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/gpac/gpac/issues/2163
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

937Records found
CVE-2021-32138
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.92%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 19:11
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-31257
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.73%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 18:29
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-32438
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.92%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 19:50
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-32135
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.73%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 14:17
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-31258
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.73%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 18:29
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-30015
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 19:34
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-46046
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 23.06%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent).

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28300
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.94% / 75.34%
||
7 Day CHG~0.00%
Published-14 Apr, 2021 | 13:51
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-6630
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.28% / 50.83%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 01:04
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-6631
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 51.83%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 01:04
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-20164
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 51.70%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 23:56
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_box_del() in isomedia/box_funcs.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-20166
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 51.70%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 23:55
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_dump() in isomedia/box_dump.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-20167
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 51.70%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 23:55
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function senc_Parse() in isomedia/box_code_drm.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-20165
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.56% / 67.35%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 23:55
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-24574
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.83%
||
7 Day CHG+0.01%
Published-14 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra ().

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-3012
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.91%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-09 Jan, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in gpac/gpac

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-6062
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 10.46%
||
7 Day CHG~0.00%
Published-17 Jun, 2024 | 19:31
Updated-25 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPAC MP4Box load_text.c swf_svg_add_iso_sample null pointer dereference

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 31e499d310a48bd17c8b055a0bfe0fe35887a7cd. It is recommended to apply a patch to fix this issue. VDB-268790 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-n/aGPAC
Product-gpacGPACgpac
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-2840
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 24.37%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 00:00
Updated-21 Jan, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in gpac/gpac

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-31259
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.73%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 18:29
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-30199
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 19:34
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-21015
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.87% / 74.22%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 12:58
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-4683
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.99%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 15:54
Updated-19 Sep, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in gpac/gpac

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-35982
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.35%
||
7 Day CHG~0.00%
Published-21 Apr, 2021 | 15:05
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-35981
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.35%
||
7 Day CHG~0.00%
Published-21 Apr, 2021 | 15:05
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-47094
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.67%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-12481
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.33%
||
7 Day CHG~0.00%
Published-30 May, 2019 | 22:40
Updated-14 Mar, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-32269
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 36.09%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:26
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-32270
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 36.09%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:26
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-32134
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.73%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 13:20
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-2549
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.7||MEDIUM
EPSS-0.13% / 32.90%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:51
Updated-03 Aug, 2024 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in gpac/gpac

NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-24249
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.41%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 18:20
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-25427
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 26.33%
||
7 Day CHG~0.00%
Published-10 Jan, 2022 | 21:01
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-5586
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 8.16%
||
7 Day CHG~0.00%
Published-15 Oct, 2023 | 00:28
Updated-16 Sep, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in gpac/gpac

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-22674
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.73%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 20:37
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-22352
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 36.09%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 20:02
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-23932
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.02%
||
7 Day CHG~0.00%
Published-21 Apr, 2021 | 17:41
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-23930
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.94%
||
7 Day CHG~0.00%
Published-21 Apr, 2021 | 17:41
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-19488
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.02%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 17:15
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, allows attackers to cause a Denial of Service due to an invalid read on function ilst_item_Read.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-6063
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 9.66%
||
7 Day CHG~0.00%
Published-17 Jun, 2024 | 20:31
Updated-25 Sep, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPAC MP4Box dmx_m2ts.c m2tsdmx_on_event null pointer dereference

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8767ed0a77c4b02287db3723e92c2169f67c85d5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-268791.

Action-Not Available
Vendor-n/aGPAC
Product-gpacGPACgpac
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-1172
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.6||MEDIUM
EPSS-0.10% / 27.37%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 09:30
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null Pointer Dereference Caused Segmentation Fault in gpac/gpac

Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-1035
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-2.9||LOW
EPSS-0.07% / 22.04%
||
7 Day CHG~0.00%
Published-21 Mar, 2022 | 00:00
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segmentation Fault caused by MP4Box -lsr in gpac/gpac

Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-50665
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.91%
||
7 Day CHG~0.00%
Published-23 Jan, 2025 | 00:00
Updated-11 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40559
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.53%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40565
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.43%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-4043
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.8||MEDIUM
EPSS-0.94% / 75.33%
||
7 Day CHG+0.16%
Published-04 Feb, 2022 | 00:00
Updated-08 Nov, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in gpac/gpac

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0.

Action-Not Available
Vendor-Debian GNU/LinuxMotion SpellGPAC
Product-gpacdebian_linuxgpac/gpacgpacdebian_linuxGPAC
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-32440
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.92%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 19:57
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-32139
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.92%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 19:59
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-31262
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.73%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 18:29
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-31260
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.73%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 18:29
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-32437
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.92%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 19:48
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 18
  • 19
  • Next
Details not found