gopro CVE Vulnerabilities & Metrics

Focus on gopro vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About gopro Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with gopro. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total gopro CVEs: 18
Earliest CVE date: 07 Oct 2014, 14:55 UTC
Latest CVE date: 19 Oct 2020, 18:15 UTC

Latest CVE reference: CVE-2020-16161

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical gopro CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.59

Max CVSS: 10.0

Critical CVEs (≥9): 2

CVSS Range vs. Count

Range Count
0.0-3.9 0
4.0-6.9 13
7.0-8.9 5
9.0-10.0 2

CVSS Distribution Chart

Top 5 Highest CVSS gopro CVEs

These are the five CVEs with the highest CVSS scores for gopro, sorted by severity first and recency.

All CVEs for gopro

CVE-2020-16161 gopro vulnerability CVSS: 5.0 19 Oct 2020, 18:15 UTC

GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash.

CVE-2020-16160 gopro vulnerability CVSS: 5.0 19 Oct 2020, 18:15 UTC

GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Parsing malicious input can result in a crash.

CVE-2020-16159 gopro vulnerability CVSS: 6.4 19 Oct 2020, 18:15 UTC

GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Parsing malicious input can result in a crash or information disclosure.

CVE-2020-16158 gopro vulnerability CVSS: 6.8 19 Oct 2020, 18:15 UTC

GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Parsing malicious input can result in a crash or potentially arbitrary code execution.

CVE-2019-20089 gopro vulnerability CVSS: 6.8 30 Dec 2019, 04:15 UTC

GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation.

CVE-2019-20088 gopro vulnerability CVSS: 6.8 30 Dec 2019, 04:15 UTC

GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c.

CVE-2019-20087 gopro vulnerability CVSS: 6.8 30 Dec 2019, 04:15 UTC

GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature.

CVE-2019-20086 gopro vulnerability CVSS: 6.8 30 Dec 2019, 04:15 UTC

GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c.

CVE-2019-15148 gopro vulnerability CVSS: 4.3 18 Aug 2019, 19:15 UTC

GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in demo/GPMF_mp4reader.c.

CVE-2019-15147 gopro vulnerability CVSS: 4.3 18 Aug 2019, 19:15 UTC

GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c.

CVE-2019-15146 gopro vulnerability CVSS: 4.3 18 Aug 2019, 19:15 UTC

GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in GPMF_Next in GPMF_parser.c.

CVE-2018-18699 gopro vulnerability CVSS: 6.8 29 Oct 2018, 12:29 UTC

An issue was discovered in GoPro gpmf-parser 1.2.1. There is an out-of-bounds write in OpenMP4Source in GPMF_mp4reader.c.

CVE-2018-18190 gopro vulnerability CVSS: 4.3 09 Oct 2018, 20:29 UTC

An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a divide-by-zero error in GPMF_ScaledData in GPMF_parser.c.

CVE-2018-13026 gopro vulnerability CVSS: 7.5 30 Jun 2018, 12:29 UTC

An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Type.

CVE-2018-13011 gopro vulnerability CVSS: 7.5 29 Jun 2018, 15:29 UTC

An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate.

CVE-2018-13009 gopro vulnerability CVSS: 7.5 29 Jun 2018, 14:29 UTC

An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (conditional on a buffer_size_longs check).

CVE-2018-13008 gopro vulnerability CVSS: 7.5 29 Jun 2018, 14:29 UTC

An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for a positive nest_level.

CVE-2018-13007 gopro vulnerability CVSS: 7.5 29 Jun 2018, 14:29 UTC

An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (not conditional on a buffer_size_longs check).

CVE-2014-6434 gopro vulnerability CVSS: 10.0 07 Oct 2014, 14:55 UTC

gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action.

CVE-2014-6433 gopro vulnerability CVSS: 10.0 07 Oct 2014, 14:55 UTC

gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action.