gpac — Vulnerabilities & Security Advisories 49

Browse all 49 CVE security advisories affecting gpac. AI-powered Chinese analysis, POCs, and references for each vulnerability.

gpac serves as an open-source multimedia framework primarily utilized for encoding, decoding, and streaming audio and video content across various platforms. Its widespread adoption in media processing pipelines has exposed it to significant security risks, resulting in forty-nine recorded Common Vulnerabilities and Exposures. Historically, the software has been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and memory management errors within its parsing modules. These vulnerabilities allow attackers to execute arbitrary commands or crash systems, compromising data integrity and availability. While no single catastrophic incident dominates its history, the cumulative effect of these bugs highlights the challenges of maintaining complex multimedia libraries. Continuous updates and rigorous code auditing remain essential to mitigate these persistent threats and ensure secure deployment in enterprise environments.

Top products by gpac: gpac/gpac gpac
Medium · 2026-05-08
Unchecked Allocation in `sidx_box_read()` Enables Memory Exhaustion / DoS · Issue #3519 · gpac/gpac
Medium · 2026-05-08
fuzz: prevent unwanted allocs in sidx_box_read() + typo · gpac/gpac@442e229 · GitHub
High · 2026-04-28
fuzz: fix some int overflow issues (fixes #3515, fixes #3516) · gpac/gpac@cf6ac48 · GitHub
Critical · GHSA-3516 · 2026-04-28
heap OOB read/write in elng_box_read() due to u64→u32 truncation · Issue #3516 · gpac/gpac
High · 2026-02-26
fix buffer overflow in nhml dmx · gpac/gpac@9bd7137 · GitHub
High · CVE-2026-27821 · 2026-02-26
Stack Buffer Overflow in GPAC NHML Demuxer (dmx_nhml.c) · Advisory · gpac/gpac · GitHub
High · 2026-01-27
ASan: out-of-bounds write in `gf_text_import_srt_bifs()` (scene_manager/text_to_bifs.c) when importing SRT with non-UTF8
Medium · 2026-01-27
NULL pointer dereference in gf_media_export_webvtt_metadata() when hdlr box has no name field · Issue #3428 · gpac/gpac
Medium · 2026-01-27
NULL pointer dereference in dump_isom_rtp() when processing hint track without SDP · Issue #3426 · gpac/gpac
High · 2026-01-20
POC/gpac_rawpcm/GPAC_RFPCM.md at main · zakkanijia/POC · GitHub
Medium · 2026-01-20
POC/gpac_vobsub/GPAC_vobsub.md at main · zakkanijia/POC · GitHub
Medium · 2026-01-20
POC/gpac_gsf/GPAC_gsf.md at main · zakkanijia/POC · GitHub
High · 2026-01-20
POC/gpac_saf/GPAC_SAF.md at main · zakkanijia/POC · GitHub
High · 2026-01-20
POC/gpac_avi/GPAC_AVI_indx_heap_overflow.md at main · zakkanijia/POC · GitHub
High · 2026-01-20
POC/gpac_uncv/GPAC_UNCV_CPAT.md at main · zakkanijia/POC · GitHub
High · 2026-01-20
POC/gpac_dec_vorbis/GPAC_VORBIS.md at main · zakkanijia/POC · GitHub
Medium · 2026-01-20
POC/dmx_ogg/GPAC_oggdmx_parse_tags_offbyone.md at main · zakkanijia/POC · GitHub
High · 2026-01-20
POC/gpac_boxDump/GPAC_tx3g.md at main · zakkanijia/POC · GitHub
High · CVE-2021-32437 · 2025-11-20
Null pointer dereference in function gf_hinter_finalize isom_hinter.c:1236 · Issue #1770 · gpac/gpac
High · 2025-11-10
[BUG] heap buffer overflow in gf_utf8_wcslen, utils/utf.c:442 · Issue #2179 · gpac/gpac

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with gpac. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.