CVE-2025-60468
Received Received - Intake
Heap Use-After-Free in GPAC MP4Box

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: MITRE

Description
GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service (local). The component is: filter_core/filter_pid.c (L:574-580): function gf_filter_pid_inst_swap_delete_task() improperly accesses freed objects during PID instance swap/delete cleanup, leading to heap use-after-free. The attack vector is: Local (AV:L): a local, authenticated user who processes a specially crafted MPEG-2 TS/MP4 file with MP4Box can trigger the bug during filter teardown (PID instance swap/delete), causing a crash. ΒΆΒΆ In GPAC s MP4Box, gf_filter_pid_inst_swap_delete_task() in filter_core/filter_pid.c may dereference objects after they have been freed when cleaning up PID instances after a swap/delete operation. Crafted inputs (e.g., malformed MPEG-2 TS) can trigger a heap use-after-free and crash; exploitation may be possible.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2025-60468
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gpac mp4box 2.5-dev-rev1593-gfe88c3545-master
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition. A local, authenticated user can cause MP4Box to crash by processing a specially crafted media file, disrupting normal operation. There is also a possibility that the heap use-after-free could be exploited further, potentially leading to more severe consequences, although this is not confirmed.

Executive Summary

This vulnerability exists in the GPAC Multimedia Open Source Project's MP4Box component, specifically in the function gf_filter_pid_inst_swap_delete_task() within filter_core/filter_pid.c. The issue is a buffer overflow caused by improper access to freed memory objects during the cleanup of PID instances after a swap or delete operation. When a local, authenticated user processes a specially crafted MPEG-2 TS or MP4 file with MP4Box, this bug can be triggered during filter teardown, leading to a heap use-after-free condition and causing the program to crash.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-60468. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart