GPAC Memory Leak Vulnerability in MP4Box Component

Vulnerability

A memory leak vulnerability has been identified in GPAC versions through 2.4.0, specifically within the MP4Box component. The issue arises in the 'Media_GetSample' function of 'src/isomedia/media.c', where improper handling of the 'cat' argument leads to a memory leak. This vulnerability can only be exploited in a local environment. The problem occurs when MP4Box concatenates tracks from a malformed MP4 file, causing a sample buffer to be allocated but not properly released. The vulnerability has been publicly disclosed and exploited.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of application performance over time.

Reproduction

The vulnerability can be reproduced by using the MP4Box command-line tool to concatenate tracks from a malformed MP4 file. The 'cat' option should be used to import the tracks, which will trigger the memory leak in the 'Media_GetSample' function.

Remediation

Users are advised to update to the latest version of GPAC, where this vulnerability has been fixed.

Added: May 26, 2026, 10:15 PM
Updated: May 26, 2026, 10:15 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 4.6
remediation: 7.7
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.