CVE-2025-15668
Received Received - Intake

Heap-based Buffer Overflow in GPAC MP4Box

Vulnerability report for CVE-2025-15668, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: VulDB

Description

A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpd_del_entry of the file src/isomedia/box_code_base.c of the component MP4Box. Such manipulation of the argument data leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is f29f955f2a3b5e8e507caad3e52319f961bf37bf. It is advisable to implement a patch to correct this issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
gpac mp4box to b40ce70f5 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a heap-based buffer overflow in the GPAC MP4Box tool, specifically in the function sgpd_del_entry within the file src/isomedia/box_code_base.c. It occurs when deleting AV1 sample group description entries, causing an out-of-bounds read on a buffer allocated by sg_av1s_create_entry. This leads to a crash during the cleanup of nested ISO box structures when processing a malformed MP4 file.

Impact Analysis

The vulnerability can cause the MP4Box tool to crash due to an out-of-bounds memory read, which may lead to denial of service or potential exploitation if an attacker has local access. Since local access is required, the impact is limited to users who can run the tool locally, but the exploit is publicly available and might be used to trigger the issue.

Detection Guidance

This vulnerability can be detected by attempting to process a specially crafted malformed MP4 file using the vulnerable GPAC MP4Box tool. A known command that triggers the issue is:

  • ./MP4Box -cat POC white.mp4 -out /dev/null

Running this command on a vulnerable version causes an AddressSanitizer error indicating a heap-buffer-overflow, which can be used as a detection method.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to apply the available patch identified by commit f29f955f2a3b5e8e507caad3e52319f961bf37bf that fixes the heap-based buffer overflow in the sgpd_del_entry function.

Additionally, avoid processing untrusted or malformed MP4 files with the vulnerable version of GPAC MP4Box until the patch is applied.

Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15668. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart