Janette88

**Name of the Vulnerable Software and Affected Versions** gpac version 2.3-DEV-rev921-g422b78ecf-master **Description** The issue is related to an out of boundary read vulnerability via the `gf dash setup period()` function in the media tools/dash client.c file at line 6374. This vulnerability can allow a remote attacker to access confidential information. **Recommendations** As a temporary workaround, consider disabling the `gf dash setup period()` function until a patch is available. Restrict access to the media tools/dash client.c module to minimize the risk of exploitation. Avoid using the `gf dash setup period()` function in the affected gpac version until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** gpac version 2.3-DEV-rev921-g422b78ecf-master **Description** The issue is related to an out of boundary write vulnerability via the `swf get string` function at scene manager/swf parse.c:325. This vulnerability can be exploited by a remote attacker to gain access to confidential information. The vulnerability is associated with a buffer overflow in memory. **Recommendations** For gpac version 2.3-DEV-rev921-g422b78ecf-master, consider disabling the `swf get string` function as a temporary workaround until a patch is available. Restrict access to the scene manager/swf parse.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gpac version 2.3-DEV-rev588-g7edc40fee-master **Description** An issue in gpac allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer deference in the `gf dash setup period` component in `media tools/dash client.c`. This issue affects the `gf dash setup period` component, which is part of the `media tools/dash client.c` file. **Recommendations** For gpac version 2.3-DEV-rev588-g7edc40fee-master, consider disabling the `gf dash setup period` component in `media tools/dash client.c` as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GPAC version 2.3-DEV-rev588-g7edc40fee-master **Description** The issue is related to a heap-based buffer overflow vulnerability in the gf fwrite component of the GPAC multimedia platform. This vulnerability can be exploited by a remote attacker to cause a denial of service (DoS) or potentially execute arbitrary code. The vulnerability is associated with the `gf fwrite` component in the `utils/os file.c` file. **Recommendations** For GPAC version 2.3-DEV-rev588-g7edc40fee-master, consider disabling the `gf fwrite` component as a temporary workaround until a patch is available. Restrict access to the `utils/os file.c` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC versions 2.1-DEV-revUNKNOWN-master **Description** A Null Pointer dereference issue exists via the function `gf filter pid set property full()` at filter core/filter pid.c:5250, which causes a Denial of Service (DoS). **Recommendations** For GPAC version 2.1-DEV-revUNKNOWN-master, update to a version that includes the fix from commit b43f9d1 to resolve the issue. As a temporary workaround, consider disabling the `gf filter pid set property full()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GPAC version 2.1-DEV-rev428-gcb8ae46c8-master **Description** A memory leak was discovered in GPAC via the function `dimC box read` at `isomedia/box code 3gpp.c`. This issue may allow for unauthorized access or other malicious activities. **Recommendations** For GPAC version 2.1-DEV-rev428-gcb8ae46c8-master, as a temporary workaround, consider disabling the `dimC box read` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC version 2.1-DEV-rev428-gcb8ae46c8-master **Description** A stack overflow issue was discovered in GPAC via the function `dimC box read` at `isomedia/box code 3gpp.c`. This issue can be exploited, potentially leading to security breaches. **Recommendations** For GPAC version 2.1-DEV-rev428-gcb8ae46c8-master, consider disabling the `dimC box read` function as a temporary workaround until a patch is available. Restrict access to the `isomedia/box code 3gpp.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GPAC versions prior to the version that includes commit fef6242 **Description** A heap-buffer-overflow occurred in the `gf isom dovi config get` function of `isomedia/avc ext.c` at line 2490, as demonstrated by MP4Box. **Recommendations** For versions prior to the one including commit fef6242, update to a version that includes this commit to resolve the issue. As a temporary workaround, consider restricting access to the `gf isom dovi config get` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GPAC mp4box version 2.1-DEV-revUNKNOWN-master **Description** The issue is a use-after-free vulnerability in the function `gf isom dovi config get`. This vulnerability was fixed in commit fef6242. **Recommendations** For GPAC mp4box version 2.1-DEV-revUNKNOWN-master, update to a version that includes the fix from commit fef6242 to resolve the issue. As a temporary workaround, consider disabling the `gf isom dovi config get` function until a patch is available.