CVE-2025-60464

A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 TS file.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*

History

30 Jun 2026, 19:03

Type Values Removed Values Added
First Time Gpac
Gpac gpac
References () https://github.com/gpac/gpac/commit/8f404bd581e455267482f86272169a742f654b97 - () https://github.com/gpac/gpac/commit/8f404bd581e455267482f86272169a742f654b97 - Patch
References () https://github.com/gpac/gpac/issues/3278 - () https://github.com/gpac/gpac/issues/3278 - Exploit, Issue Tracking
References () https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/32/32_filters_sei_load_c_225_in_gf_sei_load_from_state_internal - () https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/32/32_filters_sei_load_c_225_in_gf_sei_load_from_state_internal - Exploit
References () https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/32/README.md - () https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/32/README.md - Exploit
References () https://infosec.exchange/@sigdevel/116778370895014131 - () https://infosec.exchange/@sigdevel/116778370895014131 - Exploit, Patch, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2026/06/26/4 - () http://www.openwall.com/lists/oss-security/2026/06/26/4 - Exploit, Mailing List, Third Party Advisory
CPE cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*

26 Jun 2026, 19:16

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2026/06/26/4 -

26 Jun 2026, 14:16

Type Values Removed Values Added
References () https://github.com/gpac/gpac/issues/3278 - () https://github.com/gpac/gpac/issues/3278 -
CWE CWE-416
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

25 Jun 2026, 20:22

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-25 20:17

Updated : 2026-06-30 19:03


NVD link : CVE-2025-60464

Mitre link : CVE-2025-60464

CVE.ORG link : CVE-2025-60464


JSON object : View

Products Affected

gpac

  • gpac
CWE
CWE-416

Use After Free