Xcainiao

**Name of the Vulnerable Software and Affected Versions** GPAC versions prior to 0.8.0 **Description** A heap-based buffer over-read issue exists in the isomedia/isom read.c file of libgpac.a. This can cause a crash, as demonstrated by an issue in the gf m2ts sync function within media tools/mpegts.c. **Recommendations** For versions prior to 0.8.0, update to version 0.8.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.1.0 **Description** The issue is related to an infinite loop in the AP4 FtypAtom class, which can be triggered by a crafted MP4 file. This occurs due to size mishandling in the Core/Ap4FtypAtom.cpp component of Bento4. **Recommendations** For Bento4 version 1.5.1.0, consider avoiding the use of crafted MP4 files that may trigger the infinite loop until a patch is available. As a temporary workaround, restrict the processing of MP4 files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.26 **Description** The issue allows remote attackers to cause a denial of service due to excessive memory allocation via a crafted file. This is related to the Exiv2::Jp2Image::readMetadata function in jp2image.cpp. **Recommendations** For Exiv2 version 0.26, consider disabling the `readMetadata` function in `jp2image.cpp` as a temporary workaround to minimize the risk of exploitation.