CVE-2025-15667
Received Received - Intake

Double Free in GPAC MP4Box via AVCC NALU Rewrite

Vulnerability report for CVE-2025-15667, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: VulDB

Description

A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gf_isom_nalu_sample_rewrite of the file src/isomedia/avc_ext.c of the component MP4Box. This manipulation of the argument nalu_out_bs causes double free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: f29f955f2a3b5e8e507caad3e52319f961bf37bf. To fix this issue, it is recommended to deploy a patch.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
gpac gpac to 2.5-DEV (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-415 The product calls free() twice on the same memory address.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

Exploiting this vulnerability can cause the GPAC application to crash due to memory corruption, resulting in a denial-of-service condition. Because it involves double-free memory errors, it may also potentially allow an attacker to execute arbitrary code or manipulate program behavior, although the CVSS scores indicate a relatively low severity.

The attack requires local access and a specially crafted MP4 file, so remote exploitation is not indicated. However, successful exploitation could disrupt media processing workflows or compromise system stability.

Executive Summary

This vulnerability is a double-free issue in the GPAC library, specifically in the function gf_isom_nalu_sample_rewrite within the file src/isomedia/avc_ext.c of the MP4Box component. The problem arises when manipulating the argument nalu_out_bs, which causes the program to free the same memory twice. This can lead to memory corruption and program crashes.

The vulnerability can be triggered locally by processing a specially crafted MP4 file using MP4Box with the -cat option, causing the program to abort due to memory corruption during cleanup of movie structures.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the double-free error using the MP4Box tool with a specially crafted malicious input file.

A specific command to trigger the vulnerability is:

  • ./MP4Box -cat POC white.mp4 -out /dev/null

Here, 'POC' is a maliciously crafted MP4 file designed to cause the double-free during the cleanup process, which results in program termination with an abort message. Running this command in an environment with AddressSanitizer enabled can help detect the memory corruption.

Mitigation Strategies

The immediate mitigation step is to apply the patch identified by commit f29f955f2a3b5e8e507caad3e52319f961bf37bf in the GPAC repository.

This patch includes memory handling fixes in the affected source files to prevent the double-free issue.

Until the patch is applied, avoid processing untrusted or specially crafted MP4 files with MP4Box, especially using the '-cat' option, to reduce the risk of exploitation.

Compliance Impact

The provided information does not include any details on how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15667. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart