VYPR
Medium severity 5.5 · NVD Advisory · Published Jun 1, 2026 · Updated Jun 1, 2026

CVE-2025-60485

Description

A segmentation violation in GPAC's MP4Box allows attackers to cause a Denial of Service via a crafted MP4 file due to missing pointer validation in gf_isom_apple_set_tag_ex.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A segmentation violation exists in the gf_isom_apple_set_tag_ex function within isomedia/isom_write.c of GPAC Project/MP4Box. The vulnerability occurs because the function fails to perform adequate pointer validation before accessing memory when processing MP4 files containing invalid descriptors or corrupted "esds" boxes. This issue affects versions prior to 26.02 [1][3].

Exploitation

An attacker can trigger this vulnerability by providing a specially crafted MP4 file to the MP4Box utility. No specific authentication or network access is required, as the crash occurs during the local parsing of the malformed file structure. The exploitation sequence involves invoking MP4Box on the malicious file, which leads to a null pointer dereference when the parser encounters the corrupted box structures [1].

Impact

Successful exploitation of this vulnerability results in a Denial of Service (DoS) condition, causing the MP4Box application to crash due to a segmentation fault. This impacts the availability of the service or tool processing the file [1].

Mitigation

The vulnerability is addressed in GPAC version 26.02 by adding necessary pointer checks to ensure in_cust_mean and in_cust_name are validated before access [3]. Users are advised to update to the latest version of GPAC to resolve this issue.

AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

1
4860a1a6f128

minor mem issues (fixes #3323, fixes #3325)

https://github.com/gpac/gpac · Aurelien David · Aug 19, 2025 · via nvd-ref
3 files changed · +6 -3
  • src/filters/dasher.c +1 -1 modified
    @@ -7754,7 +7754,7 @@ static void dasher_insert_timeline_entry(GF_DasherCtx *ctx, GF_DashStream *ds, B
     	//append to previous entry if possible
     	s = gf_list_last(tl->entries);
     
    -	if (prev_patch_dur) {
    +	if (s && prev_patch_dur) {
     		u32 nb_ent = gf_list_count(tl->entries);
     		//split entry
     		if (s->repeat_count) {
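
    Review bot: in dasher_insert_timeline_entry, the added "s &&" test on the "if (s && prev_patch_dur)" line means a non-zero prev_patch_dur is dropped with no log or error when tl->entries is empty and gf_list_last returns NULL. Either add a comment saying why that case can be ignored or handle it explicitly, and confirm that any code after this block that reads s (outside the lines shown) is guarded the same way.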
    
  • src/filters/isoffin_load.c +3 -0 modified
    @@ -678,6 +678,9 @@ static ISOMChannel *isor_setup_channel(ISOMReader *read, u32 track, u32 streamty
     			}
     			break;
     		}
    +
    +		if (dyname)
    +			gf_free(dyname);
     	}
     
     	if (gf_sys_old_arch_compat()) {
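
    Review bot: the added gf_free(dyname) in isor_setup_channel leaves dyname pointing at freed memory; set dyname = NULL right after the free so that a later pass through this block or a later read cannot double-free or reuse the buffer. The free also runs only when control reaches the end of the enclosing block, so any return or goto earlier in that block (not visible in this hunk) would still leak it and is worth checking.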
    
  • src/isomedia/isom_write.c +2 -2 modified
    @@ -6306,9 +6306,9 @@ GF_Err gf_isom_apple_set_tag_ex(GF_ISOFile *mov, GF_ISOiTunesTag tag, const u8 *
     		btype = data ? GF_ISOM_ITUNE_GENRE_USER : GF_ISOM_ITUNE_GENRE;
     	} else if (tag==GF_4CC('c','u','s','t') ) {
     		if (in_cust_name || in_cust_mean) {
    -			if (in_cust_mean[0])
    +			if (in_cust_mean && in_cust_mean[0])
     				cust_mean = gf_strdup(in_cust_mean);
    -			if (in_cust_name[0])
    +			if (in_cust_name && in_cust_name[0])
     				cust_name = gf_strdup(in_cust_name);
     			btype = GF_ISOM_BOX_TYPE_iTunesSpecificInfo;
     		} else {
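
    Review bot: in the 'cust' branch of gf_isom_apple_set_tag_ex, btype is still set to GF_ISOM_BOX_TYPE_iTunesSpecificInfo when only one of in_cust_name and in_cust_mean is supplied, or when both are empty strings, which leaves cust_mean or cust_name unset for whatever builds the box afterwards. State in a comment whether a box with only one of the two values is valid, or return an error for that case, and check the gf_strdup results for allocation failure before they are used.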
    

References

4
