{"id":"CVE-2024-24267","details":"gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.","modified":"2026-04-12T08:03:52.601947Z","published":"2024-02-05T18:15:52.427Z","references":[{"type":"REPORT","url":"https://github.com/NixOS/nixpkgs/pull/305402"},{"type":"REPORT","url":"https://github.com/gpac/gpac/issues/2571"},{"type":"FIX","url":"https://github.com/gpac/gpac/commit/d28d9ba45cf4f628a7b2c351849a895e6fcf2234"},{"type":"EVIDENCE","url":"https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gpac/gpac","events":[{"introduced":"b34e3851670f4398a4e2efcb86b30a8b07743212"},{"fixed":"5d70253ac94e5840be7b86054131dd753af63cc7"},{"fixed":"d28d9ba45cf4f628a7b2c351849a895e6fcf2234"}],"database_specific":{"versions":[{"introduced":"2.2.1"},{"fixed":"2.4.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24267.json","vanir_signatures":[{"digest":{"length":548,"function_hash":"257859779120762812500349950898853581870"},"signature_type":"Function","signature_version":"v1","target":{"function":"gf_fileio_from_mem","file":"src/utils/os_file.c"},"source":"https://github.com/gpac/gpac/commit/d28d9ba45cf4f628a7b2c351849a895e6fcf2234","deprecated":false,"id":"CVE-2024-24267-3236f6bc"},{"digest":{"threshold":0.9,"line_hashes":["214342022947886620639860751304734532451","66377661945373893230826838595381899670","113057751222773783552018106389299589545","248741158259453629385979020169537618604","339588349538517630739659064089114765330","125406461018746592591548087817097426391","169705036503066150203763489900728676555","262784623983751621153671470858727787337","88861323312349415404014921191997120431","280788439075801202851031811284658977763","278741301392154855782560843733204009206","308972114347411309189302310059938176131"]},"signature_type":"Line","signature_version":"v1","target":{"file":"src/utils/os_file.c"},"source":"https://github.com/gpac/gpac/commit/d28d9ba45cf4f628a7b2c351849a895e6fcf2234","deprecated":false,"id":"CVE-2024-24267-358a0c3b"},{"digest":{"threshold":0.9,"line_hashes":["249571260538932152670445539545228447305","152587707489286048113487046699269700399","179615268150946079356232227478217568912","60033637154988124640604107946683507742","282739834311121068751546966263810654625","337334203508275543620516398168354778384","210797623534005381670211559059867641832"]},"signature_type":"Line","signature_version":"v1","target":{"file":"src/filters/decrypt_cenc_isma.c"},"source":"https://github.com/gpac/gpac/commit/5d70253ac94e5840be7b86054131dd753af63cc7","deprecated":false,"id":"CVE-2024-24267-63a629ce"},{"digest":{"length":3266,"function_hash":"339597387818010758170673273113920787195"},"signature_type":"Function","signature_version":"v1","target":{"function":"cenc_dec_load_keys","file":"src/filters/decrypt_cenc_isma.c"},"source":"https://github.com/gpac/gpac/commit/5d70253ac94e5840be7b86054131dd753af63cc7","deprecated":false,"id":"CVE-2024-24267-b25b15ba"}],"vanir_signatures_modified":"2026-04-12T08:03:52Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}