A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file.
References
| Link | Resource |
|---|---|
| https://github.com/gpac/gpac/commit/55b351bd078c950592544ab4c708a613c1725b9b | Patch |
| https://github.com/gpac/gpac/issues/3283 | Exploit Issue Tracking |
| https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/34/34_gf_filter_pid_inst_swap_filter_core_filter_pid_c_633 | Exploit |
| https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/34/README.md | Exploit |
| https://infosec.exchange/@sigdevel/116778494176930561 | Exploit Patch Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2026/06/27/1 | Exploit Mailing List Third Party Advisory |
| https://github.com/gpac/gpac/issues/3283 | Exploit Issue Tracking |
Configurations
History
30 Jun 2026, 19:03
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/gpac/gpac/commit/55b351bd078c950592544ab4c708a613c1725b9b - Patch | |
| References | () https://github.com/gpac/gpac/issues/3283 - Exploit, Issue Tracking | |
| References | () https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/34/34_gf_filter_pid_inst_swap_filter_core_filter_pid_c_633 - Exploit | |
| References | () https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/34/README.md - Exploit | |
| References | () https://infosec.exchange/@sigdevel/116778494176930561 - Exploit, Patch, Third Party Advisory | |
| References | () http://www.openwall.com/lists/oss-security/2026/06/27/1 - Exploit, Mailing List, Third Party Advisory | |
| First Time |
Gpac
Gpac gpac |
|
| CPE | cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:* |
27 Jun 2026, 06:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
26 Jun 2026, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/gpac/gpac/issues/3283 - | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| CWE | CWE-416 |
25 Jun 2026, 20:22
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-25 20:17
Updated : 2026-06-30 19:03
NVD link : CVE-2025-60465
Mitre link : CVE-2025-60465
CVE.ORG link : CVE-2025-60465
JSON object : View
Products Affected
gpac
- gpac
CWE
CWE-416
Use After Free
