Dhbbbo

**Name of the Vulnerable Software and Affected Versions** GPAC version 1.0.1 **Description** A heap-based buffer overflow issue exists in the `gf isom dovi config get` function in MP4Box, which can cause a denial of service or allow the execution of arbitrary code via a crafted file. **Recommendations** For GPAC version 1.0.1, consider disabling the `gf isom dovi config get` function in MP4Box as a temporary workaround until a patch is available. Restrict access to crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libde265 versions 1.0.8 **Description** The issue is related to incorrect access control in the derive boundaryStrength function of the deblock.cc component in the libde265 video codec implementation. This can cause a segmentation fault and application crash, leading to a remote denial of service. The vulnerability is exploited by a READ memory access error in the derive boundaryStrength function. **Recommendations** For libde265 version 1.0.8, update to version 1.0.11 to fix the security issue. As a temporary workaround, consider restricting access to the derive boundaryStrength function of deblock.cc to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GPAC version 1.0.1 **Description** A heap-based buffer overflow issue exists in MP4Box via the `gp rtp builder do mpeg12 video` function, allowing attackers to have unspecified impact through a crafted file in the MP4Box command. **Recommendations** For GPAC version 1.0.1, consider disabling the `gp rtp builder do mpeg12 video` function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC version 1.0.1 **Description** A heap-based buffer overflow issue exists in MP4Box via media.c, allowing attackers to cause a denial of service or execute arbitrary code via a crafted file. **Recommendations** For GPAC version 1.0.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libde265 versions 1.0.8 **Description** An issue was discovered in libde265, where there is a Heap-use-after-free in intrapred.h when decoding a file using dec265. This could allow a remote attacker to cause a denial of service. **Recommendations** For libde265 version 1.0.8, update to version 1.0.11 to fix the security issue. As a temporary workaround, consider restricting the use of the dec265 decoder until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GPAC version 1.0.1 **Description** An issue was discovered in GPAC, where a heap-based buffer overflow occurs in the `gp rtp builder do tx3g` function in `ietf/rtp pck 3gpp.c`, as demonstrated by MP4Box. This can cause a denial of service (DOS). **Recommendations** For GPAC version 1.0.1, consider disabling the `gp rtp builder do tx3g` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libde265 version 1.0.8 **Description** A stack-buffer-overflow issue exists in the libde265 video codec, specifically in the put epel hv fallback function of the fallback-motion.cc component. This can be exploited by a remote attacker to cause a denial of service. The issue is related to writing beyond the boundaries of a buffer. **Recommendations** For libde265 version 1.0.8, consider disabling the put epel hv fallback function as a temporary workaround until a patch is available. Restrict access to the fallback-motion.cc component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libde265 version 1.0.8 **Description** An issue exists due to a SEGV in `slice.cc`, related to insufficient access control in the libde265 video codec implementation. This could potentially allow a remote attacker to cause a denial of service. **Recommendations** For libde265 version 1.0.8, consider restricting access to the `slice.cc` component to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.