CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
A heap buffer overflow in the gf_isom_vp_config_new function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
A heap use-after-free vulnerability in the gf_node_get_tag function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
A NULL pointer dereference in the gf_media_map_esd function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
A heap buffer overflow in the gf_opus_parse_packet_header function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
The mp4_mux_cenc_insert_pssh function in GPAC MP4Box v2.4 has an Out-of-Memory error that allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
A heap buffer overflow in the gf_cenc_set_pssh function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
A heap use-after-free vulnerability in the gf_node_get_tag function of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
A NULL pointer dereference in the TrackWriter handling component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
In version 2.4 of GPAC MP4Box, a floating point exception was discovered in the avidmx_process function (isomedia/isom_write.c).
A NULL pointer dereference in the gf_isom_copy_sample_info function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
LibreOffice Calc had a heap buffer overflow vulnerability when a document reused the same change identifier for two different kinds of changes. This led to writing past the end of its allocation.
LibreOffice has a stack buffer overflow when importing presentations in the legacy PPT format. This occurs during the import of a colour-replacement record when the combined colour counts exceed the size of the colour tables.
LibreOffice has a heap buffer overflow vulnerability when replaying deferred parser events for a text box element in OOXML (DOCX) documents. The issue arises from assuming a handler object is of one type, leading to writes beyond the end of the allocation.
LibreOffice has a heap buffer overflow vulnerability when importing EMF+ graphics, which can lead to memory corruption. The issue arises from incorrectly calculating the allocation size for a gradient, potentially resulting in improper memory allocation.
LibreOffice had a heap buffer overflow vulnerability when importing DXF polylines. The point count from the file was truncated to a 16-bit value, leading to writing past the end of the buffer when the point count exceeded this range.
Valhalla is an open source routing engine that is vulnerable to reflected XSS in versions 3.6.3 and prior due to improper neutralization of input in the JSONP callback parameter. An attacker can inject arbitrary JavaScript, potentially leading to session token theft or credential disclosure.
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager allows an authenticated, remote attacker to create or overwrite files on the filesystem. Exploiting this vulnerability requires sending a crafted HTTP request to an affected API endpoint.
A vulnerability in webpack-dev-server allows for the interception of browser cookies and the Origin header when a user-configured proxy has a broad context and ws: true enabled. This leads to bypassing Host/Origin validation and corrupting the HMR socket.
Mattermost Desktop App versions <=6.1 5.5.13.0 fail to properly handle attempts to open extremely long URLs, allowing a malicious server owner to crash the application by including a script to call window.open on a very large URL.
Multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk, potentially exhausting disk space.

