Xidoo123

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a buffer overflow in the `gf vvc read pps bs internal` function of `media tools/av parsers.c`. A check is needed for `num exp tile columns`. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, as a temporary workaround, consider disabling the `gf vvc read pps bs internal` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libde265 version 1.0.9 **Description** The issue is related to a buffer overflow in the `ff hevc put hevc qpel pixels 8 sse` function of the Libde265 h.265 video codec implementation. This vulnerability is caused by copying a buffer without checking the size of the input data. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Libde265 version 1.0.9, update to version 1.0.11 to fix the security issues. As a temporary workaround, consider disabling the `ff hevc put hevc qpel pixels 8 sse` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Libde265 version 1.0.9 **Description** The issue is related to a heap buffer overflow in the `de265 image::set SliceAddrRS(int, int, int)` function of the Libde265 video codec. This can potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Libde265 version 1.0.9, update to version 1.0.11 to fix the security issues. As a temporary workaround, consider disabling the `de265 image::set SliceAddrRS(int, int, int)` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Libde265 version 1.0.9 **Description** The issue is related to a buffer overflow in the `put qpel fallback()` function of the Libde265 video codec implementation. This can allow an attacker to access confidential data, compromise data integrity, and cause a denial of service. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For Libde265 version 1.0.9, update to version 1.0.11 to fix the security issues. As a temporary workaround, consider disabling the `put qpel fallback()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.0.0 **Description** A stack overflow issue was found in the `smil parse time list` parameter at `/scenegraph/svg attributes.c`. **Recommendations** For GPAC MP4box version 2.0.0, consider restricting access to the vulnerable `smil parse time list` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GPAC versions 2.0.0 **Description** The issue arises when MP4Box, a component of GPAC, attempts to parse a MP4 file. It calls the function `diST box read()` to read from the video, allocating a buffer `str` with a fixed length. However, the content read from `bs` and its length are controllable by the user, leading to a buffer overflow. **Recommendations** For GPAC version 2.0.0, consider disabling the `diST box read()` function as a temporary workaround until a patch is available. Restrict access to MP4Box to minimize the risk of exploitation. Avoid using MP4Box to parse MP4 files from untrusted sources until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a buffer overflow in the `gf vvc read pps bs internal` function, located in the `media tools/av parsers.c` file. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, consider disabling the `gf vvc read pps bs internal` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a Buffer Overflow. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a Buffer Overflow that occurs via the `gf vvc read sps bs internal` function in the `media tools/av parsers.c` file. This function is part of the GPAC MP4box, which is a tool for manipulating MP4 files. The Buffer Overflow is a type of security vulnerability that can cause a program to crash or execute arbitrary code, potentially leading to security breaches. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, consider disabling the `gf vvc read sps bs internal` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a Buffer Overflow in the `gf text process sub` function of `filters/load text.c`. This function is part of the GPAC MP4box, which is used for processing and manipulating multimedia files. The Buffer Overflow occurs when the function attempts to process a text input that exceeds the expected buffer size, potentially leading to arbitrary code execution. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, as a temporary workaround, consider disabling the `gf text process sub` function until a patch is available. Restrict access to the `filters/load text.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to an Integer overflow vulnerability in the `gf hevc read sps bs internal` function of `media tools/av parsers.c` at line 8316. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, as a temporary workaround, consider disabling the `gf hevc read sps bs internal` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a heap use-after-free vulnerability. It occurs via the file filters/dmx m2ts.c at line 470 in the `m2tsdmx declare pid` function. This vulnerability can be exploited, but details about the estimated number of potentially affected devices or real-world incidents are not provided. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, consider disabling the `m2tsdmx declare pid` function as a temporary workaround until a patch is available. Restrict access to the filters/dmx m2ts.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a Null pointer dereference in the `m2tsdmx declare pid` function, located in `filters/dmx m2ts.c:343`. This problem can be exploited via the `m2tsdmx declare pid` function. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, consider disabling the `m2tsdmx declare pid` function as a temporary workaround until a patch is available. Restrict access to the `filters/dmx m2ts.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b **Description** The issue is related to a buffer overflow in the `hevc parse vps extension` function of `media tools/av parsers.c`. This function is used for parsing video parameters, and the buffer overflow can occur due to improper handling of data. **Recommendations** For GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b, as a temporary workaround, consider disabling the `hevc parse vps extension` function until a patch is available. Restrict access to the `media tools/av parsers.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev593-g007bf61a0 **Description** The issue is related to a Buffer Overflow in the `eac3 update channels` function, located in the `media tools/av parsers.c` file at line 9113. This function is part of the GPAC MP4box software. **Recommendations** For GPAC MP4box version 2.1-DEV-rev593-g007bf61a0, consider disabling the `eac3 update channels` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev593-g007bf61a0 **Description** The issue is related to a Buffer Overflow in the `gf hevc read sps bs internal` function of `media tools/av parsers.c` at line 8261. This function is susceptible to a buffer overflow, which can lead to potential security issues. **Recommendations** For GPAC MP4box version 2.1-DEV-rev593-g007bf61a0, consider disabling the `gf hevc read sps bs internal` function as a temporary workaround until a patch is available. Restrict access to the `media tools/av parsers.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev617-g85ce76efd **Description** The issue is related to a Buffer Overflow in the `gf hevc read sps bs internal` function of `media tools/av parsers.c` at line 8273. **Recommendations** For GPAC MP4box version 2.1-DEV-rev617-g85ce76efd, consider disabling the `gf hevc read sps bs internal` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4Box version 2.1-DEV-rev644-g5c4df2a67 **Description** The issue is related to a buffer overflow in the `hevc parse vps extension` function, located in the `media tools/av parsers.c` file at line 7662. This buffer overflow can be exploited, potentially leading to security issues. **Recommendations** For GPAC MP4Box version 2.1-DEV-rev644-g5c4df2a67, consider disabling the `hevc parse vps extension` function as a temporary workaround until a patch is available. Restrict access to the `media tools/av parsers.c` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4Box version 2.1-DEV-rev644-g5c4df2a67 **Description** The issue is related to a buffer overflow in the `gf hevc read vps bs internal` function, located in the `media tools/av parsers.c` file at line 8039. This function is part of the GPAC MP4Box media processing tool. **Recommendations** For GPAC MP4Box version 2.1-DEV-rev644-g5c4df2a67, consider disabling the `gf hevc read vps bs internal` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GPAC MP4box version 2.1-DEV-rev644-g5c4df2a67 **Description** The issue is related to a Buffer Overflow in the `gf bs read data` function. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For GPAC MP4box version 2.1-DEV-rev644-g5c4df2a67, at the moment, there is no information about a newer version that contains a fix for this vulnerability.