CVE-2025-60465

A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*

History

30 Jun 2026, 19:03

Type Values Removed Values Added
References () https://github.com/gpac/gpac/commit/55b351bd078c950592544ab4c708a613c1725b9b - () https://github.com/gpac/gpac/commit/55b351bd078c950592544ab4c708a613c1725b9b - Patch
References () https://github.com/gpac/gpac/issues/3283 - () https://github.com/gpac/gpac/issues/3283 - Exploit, Issue Tracking
References () https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/34/34_gf_filter_pid_inst_swap_filter_core_filter_pid_c_633 - () https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/34/34_gf_filter_pid_inst_swap_filter_core_filter_pid_c_633 - Exploit
References () https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/34/README.md - () https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/34/README.md - Exploit
References () https://infosec.exchange/@sigdevel/116778494176930561 - () https://infosec.exchange/@sigdevel/116778494176930561 - Exploit, Patch, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2026/06/27/1 - () http://www.openwall.com/lists/oss-security/2026/06/27/1 - Exploit, Mailing List, Third Party Advisory
First Time Gpac
Gpac gpac
CPE cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*

27 Jun 2026, 06:16

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2026/06/27/1 -

26 Jun 2026, 14:16

Type Values Removed Values Added
References () https://github.com/gpac/gpac/issues/3283 - () https://github.com/gpac/gpac/issues/3283 -
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CWE CWE-416

25 Jun 2026, 20:22

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-25 20:17

Updated : 2026-06-30 19:03


NVD link : CVE-2025-60465

Mitre link : CVE-2025-60465

CVE.ORG link : CVE-2025-60465


JSON object : View

Products Affected

gpac

  • gpac
CWE
CWE-416

Use After Free