A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 TS file.
References
| Link | Resource |
|---|---|
| https://github.com/gpac/gpac/commit/8f404bd581e455267482f86272169a742f654b97 | Patch |
| https://github.com/gpac/gpac/issues/3278 | Exploit Issue Tracking |
| https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/32/32_filters_sei_load_c_225_in_gf_sei_load_from_state_internal | Exploit |
| https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/32/README.md | Exploit |
| https://infosec.exchange/@sigdevel/116778370895014131 | Exploit Patch Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2026/06/26/4 | Exploit Mailing List Third Party Advisory |
| https://github.com/gpac/gpac/issues/3278 | Exploit Issue Tracking |
Configurations
History
30 Jun 2026, 19:03
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Gpac
Gpac gpac |
|
| References | () https://github.com/gpac/gpac/commit/8f404bd581e455267482f86272169a742f654b97 - Patch | |
| References | () https://github.com/gpac/gpac/issues/3278 - Exploit, Issue Tracking | |
| References | () https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/32/32_filters_sei_load_c_225_in_gf_sei_load_from_state_internal - Exploit | |
| References | () https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/32/README.md - Exploit | |
| References | () https://infosec.exchange/@sigdevel/116778370895014131 - Exploit, Patch, Third Party Advisory | |
| References | () http://www.openwall.com/lists/oss-security/2026/06/26/4 - Exploit, Mailing List, Third Party Advisory | |
| CPE | cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:* |
26 Jun 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
26 Jun 2026, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/gpac/gpac/issues/3278 - | |
| CWE | CWE-416 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
25 Jun 2026, 20:22
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-25 20:17
Updated : 2026-06-30 19:03
NVD link : CVE-2025-60464
Mitre link : CVE-2025-60464
CVE.ORG link : CVE-2025-60464
JSON object : View
Products Affected
gpac
- gpac
CWE
CWE-416
Use After Free
