A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gf_isom_nalu_sample_rewrite of the file src/isomedia/avc_ext.c of the component MP4Box. This manipulation of the argument nalu_out_bs causes double free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: f29f955f2a3b5e8e507caad3e52319f961bf37bf. To fix this issue, it is recommended to deploy a patch.
Metrics
Affected Vendors & Products
References
History
Mon, 06 Jul 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gf_isom_nalu_sample_rewrite of the file src/isomedia/avc_ext.c of the component MP4Box. This manipulation of the argument nalu_out_bs causes double free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: f29f955f2a3b5e8e507caad3e52319f961bf37bf. To fix this issue, it is recommended to deploy a patch. | |
| Title | GPAC MP4Box avc_ext.c gf_isom_nalu_sample_rewrite double free | |
| First Time appeared |
Gpac
Gpac gpac |
|
| Weaknesses | CWE-119 CWE-415 |
|
| CPEs | cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Gpac
Gpac gpac |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-06T11:15:08.893Z
Reserved: 2026-07-04T05:16:18.510Z
Link: CVE-2025-15667
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-06T13:30:04Z