3.3
CVE-2025-15667
- EPSS 0.11%
- Veröffentlicht 06.07.2026 11:15:08
- Zuletzt bearbeitet 06.07.2026 19:16:53
- CVE-Watchlists
- Unerledigt
GPAC MP4Box avc_ext.c gf_isom_nalu_sample_rewrite double free
A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gf_isom_nalu_sample_rewrite of the file src/isomedia/avc_ext.c of the component MP4Box. This manipulation of the argument nalu_out_bs causes double free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: f29f955f2a3b5e8e507caad3e52319f961bf37bf. To fix this issue, it is recommended to deploy a patch.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellern/a
≫
Produkt
GPAC
Version
2.5-DEV
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.016 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 1.9 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
| cna@vuldb.com | 1.7 | 3.1 | 2.9 |
AV:L/AC:L/Au:S/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-415 Double Free
The product calls free() twice on the same memory address.
https://github.com/gpac/gpac/
https://vuldb.com/vuln/376292
https://vuldb.com/vuln/376292/cti
https://vuldb.com/cve/CVE-2025-15667
https://vuldb.com/submit/846839
https://github.com/gpac/gpac/issues/3403
https://github.com/TimChan2001/pocs/raw/refs/heads/main/poc-gpac-1
https://github.com/gpac/gpac/commit/f29f955f2a3b5e8e507caad3e52319f961bf37bf