Description
A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gf_isom_nalu_sample_rewrite of the file src/isomedia/avc_ext.c of the component MP4Box. This manipulation of the argument nalu_out_bs causes double free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: f29f955f2a3b5e8e507caad3e52319f961bf37bf. To fix this issue, it is recommended to deploy a patch.
Published: 2026-07-06
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a double free in the function gf_isom_nalu_sample_rewrite within the MP4Box tool of GPAC. Manipulation of the nalu_out_bs argument causes the function to free the same memory block twice, corrupting heap state. This memory corruption can lead to a program crash or unintended behaviour, but the CVE description does not specify that arbitrary code execution is possible.

Affected Systems

GPAC MP4Box, all builds up to and including the 2.5-DEV series, is affected. Users who run these versions of the MP4Box tool processing media files from untrusted sources are at risk.

Risk and Exploitability

The CVSS score of 4.8 indicates low overall severity, and the EPSS score of less than 1% suggests that exploitation is unlikely. The flaw is exploitable only from a local host; an attacker must execute MP4Box or a similar GPAC command with a crafted input file. The vulnerability is not listed in CISA’s KEV catalog, but proof‑of‑concept exploits have been published.

Generated by OpenCVE AI on July 9, 2026 at 12:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and apply the patch from commit f29f955f2a3b5e8e507caad3e52319f961bf37bf to eliminate the double free in gf_isom_nalu_sample_rewrite.
  • Run MP4Box only under least privilege or by trusted users and avoid executing it with elevated rights on untrusted media files.
  • If a patch is not yet available, consider disabling or uninstalling the MP4Box binary, or process unknown media files in a sandboxed environment until the fix is applied.

Generated by OpenCVE AI on July 9, 2026 at 12:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Jul 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 12:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gf_isom_nalu_sample_rewrite of the file src/isomedia/avc_ext.c of the component MP4Box. This manipulation of the argument nalu_out_bs causes double free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: f29f955f2a3b5e8e507caad3e52319f961bf37bf. To fix this issue, it is recommended to deploy a patch.
Title GPAC MP4Box avc_ext.c gf_isom_nalu_sample_rewrite double free
First Time appeared Gpac
Gpac gpac
Weaknesses CWE-119
CWE-415
CPEs cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*
Vendors & Products Gpac
Gpac gpac
References
Metrics cvssV2_0

{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-07-06T18:50:01.768Z

Reserved: 2026-07-04T05:16:18.510Z

Link: CVE-2025-15667

cve-icon Vulnrichment

Updated: 2026-07-06T18:49:57.612Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T12:30:17Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-415

    Double Free