Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-3178

Summary
Assigner-@huntrdev
Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a
Published At-12 Sep, 2022 | 16:30
Updated At-03 Aug, 2024 | 01:00
Rejected At-
Credits

Buffer Over-read in gpac/gpac

Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:@huntrdev
Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a
Published At:12 Sep, 2022 | 16:30
Updated At:03 Aug, 2024 | 01:00
Rejected At:
▼CVE Numbering Authority (CNA)
Buffer Over-read in gpac/gpac

Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.

Affected Products
Vendor
GPACgpac
Product
gpac/gpac
Versions
Affected
  • From unspecified before 2.1.0-DEV (custom)
Problem Types
TypeCWE IDDescription
CWECWE-126CWE-126 Buffer Over-read
Type: CWE
CWE ID: CWE-126
Description: CWE-126 Buffer Over-read
Metrics
VersionBase scoreBase severityVector
3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/f022fc50-3dfd-450a-ab47-3d75d2bf44c0
x_refsource_CONFIRM
https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3
x_refsource_MISC
Hyperlink: https://huntr.dev/bounties/f022fc50-3dfd-450a-ab47-3d75d2bf44c0
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/f022fc50-3dfd-450a-ab47-3d75d2bf44c0
x_refsource_CONFIRM
x_transferred
https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3
x_refsource_MISC
x_transferred
Hyperlink: https://huntr.dev/bounties/f022fc50-3dfd-450a-ab47-3d75d2bf44c0
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@huntr.dev
Published At:12 Sep, 2022 | 17:15
Updated At:29 Jun, 2023 | 14:56

Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
GPAC
gpac
>>gpac>>Versions before 2.1.0-dev(exclusive)
cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE-126Secondarysecurity@huntr.dev
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-126
Type: Secondary
Source: security@huntr.dev
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3security@huntr.dev
Patch
https://huntr.dev/bounties/f022fc50-3dfd-450a-ab47-3d75d2bf44c0security@huntr.dev
Exploit
Patch
Third Party Advisory
Hyperlink: https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3
Source: security@huntr.dev
Resource:
Patch
Hyperlink: https://huntr.dev/bounties/f022fc50-3dfd-450a-ab47-3d75d2bf44c0
Source: security@huntr.dev
Resource:
Exploit
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

933Records found
CVE-2022-47094
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.67%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-47661
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.12%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47095
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.65%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-45343
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.24%
||
7 Day CHG~0.00%
Published-29 Nov, 2022 | 00:00
Updated-02 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-416
Use After Free
CVE-2022-43040
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.60%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-09 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7752
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.39%
||
7 Day CHG~0.00%
Published-07 Mar, 2018 | 23:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GPAC
Product-gpacubuntu_linuxdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-26967
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.26%
||
7 Day CHG~0.00%
Published-12 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24578
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.09%
||
7 Day CHG+0.02%
Published-14 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-2454
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.90%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in gpac/gpac

Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-38530
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.80%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 00:00
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-2453
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 13:30
Updated-03 Aug, 2024 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in gpac/gpac

Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-416
Use After Free
CVE-2022-24575
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.59%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 13:25
Updated-03 Aug, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-5586
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 8.16%
||
7 Day CHG~0.00%
Published-15 Oct, 2023 | 00:28
Updated-16 Sep, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in gpac/gpac

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-1655
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.82%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in gpac/gpac

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-0358
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.84%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in gpac/gpac

Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-416
Use After Free
CVE-2023-0760
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.32%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in gpac/gpac

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40574
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.41%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 00:00
Updated-05 Mar, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-415
Double Free
CVE-2021-36414
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.40%
||
7 Day CHG~0.00%
Published-10 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.28% / 50.99%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 19:53
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-24577
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.90%
||
7 Day CHG+0.02%
Published-14 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. (gf_utf8_wcslen is a renamed Unicode utf8_wcslen function.)

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-35980
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-21 Apr, 2021 | 00:00
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-416
Use After Free
CVE-2020-23931
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.29% / 52.18%
||
7 Day CHG~0.00%
Published-21 Apr, 2021 | 17:41
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-4721
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 4.33%
||
7 Day CHG~0.00%
Published-01 Sep, 2023 | 15:27
Updated-19 Sep, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in gpac/gpac

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-28319
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 5.16%
||
7 Day CHG~0.00%
Published-15 Mar, 2024 | 00:00
Updated-29 Mar, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374

Action-Not Available
Vendor-n/aGPAC
Product-n/agpac
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-0322
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.4||MEDIUM
EPSS-0.11% / 29.68%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 12:38
Updated-03 Jun, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in gpac/gpac

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-20630
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 54.76%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:14
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-20629
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 54.76%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:15
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-5520
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4||MEDIUM
EPSS-0.01% / 1.49%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:56
Updated-01 Aug, 2025 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in gpac/gpac

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpacgpac
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-5998
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4||MEDIUM
EPSS-0.11% / 29.35%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 18:45
Updated-04 Sep, 2024 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in gpac/gpac

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-5377
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.86%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 09:53
Updated-17 Sep, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in gpac/gpac

Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-4778
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 3.86%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 15:43
Updated-27 Sep, 2024 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in gpac/gpac

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-4758
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 4.97%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 15:47
Updated-19 Sep, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in gpac/gpac

Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40606
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.72%
||
7 Day CHG~0.00%
Published-28 Jun, 2022 | 00:00
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-2838
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 20.72%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 00:00
Updated-21 Jan, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in gpac/gpac

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-13618
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.89%
||
7 Day CHG~0.00%
Published-16 Jul, 2019 | 16:07
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-21016
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 65.50%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 12:58
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-43043
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.27%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-09 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-13005
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.59% / 68.28%
||
7 Day CHG~0.00%
Published-29 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 08:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GPAC
Product-debian_linuxubuntu_linuxgpacn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-30976
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.34%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 05:20
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-13006
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 70.99%
||
7 Day CHG~0.00%
Published-29 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 08:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GPAC
Product-debian_linuxubuntu_linuxgpacn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-23928
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.29% / 52.18%
||
7 Day CHG~0.00%
Published-21 Apr, 2021 | 17:41
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-19481
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.03%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 17:14
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-19751
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.52% / 65.68%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 19:42
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-29537
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.65%
||
7 Day CHG+0.01%
Published-20 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-3523
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 7.84%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 09:53
Updated-06 Nov, 2024 | 21:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in gpac/gpac

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpacgpac
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-19750
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.64%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 19:42
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-6765
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.76% / 72.31%
||
7 Day CHG~0.00%
Published-03 Jun, 2019 | 18:15
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8170.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerPhantomPDF
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-8455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.45%
||
7 Day CHG~0.00%
Published-03 May, 2017 | 05:13
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-foxit_readerphantompdfn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-44859
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.44% / 62.27%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 18:26
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-opendesignn/a
Product-drawings_sdkn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-5510
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.91% / 74.94%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:05
Updated-07 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22019.

Action-Not Available
Vendor-Tungsten Automation Corp.
Product-power_pdfPower PDFpower_pdf
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 18
  • 19
  • Next
Details not found