Impact
Based on the description, it is inferred that an adversary can trigger a denial of service by supplying a crafted media file. A use‑after‑free flaw exists in the gf_filter_pid_inst_swap_delete_task function within the GPAC Project’s MP4Box component. The vulnerability allows an adversary to crash the media processing tool by supplying a specially crafted media file, resulting in an application or system denial of service.
Affected Systems
The affected product is GPAC MP4Box. Any installation older than version 26.02.0 is potentially vulnerable. No specific vendor or product sub‑listing is available beyond the general GPAC Project designation.
Risk and Exploitability
The EPSS score indicates that exploitation probability is low, at less than 1%. The CVSS score of 7.5 reflects a significant potential for Denial of Service. Although it is not listed in the CISA KEV catalog, the flaw remains exploitable through crafted media files processed by the gf_filter_pid_inst_swap_delete_task function. The likely attack vector is supplying a crafted media file to the processing tool, which may be executed remotely if the tool is exposed to untrusted input.
OpenCVE Enrichment