CVE-2025-15667 in GPACinfo

Summary

by MITRE • 07/06/2026

A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gf_isom_nalu_sample_rewrite of the file src/isomedia/avc_ext.c of the component MP4Box. This manipulation of the argument nalu_out_bs causes double free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: f29f955f2a3b5e8e507caad3e52319f961bf37bf. To fix this issue, it is recommended to deploy a patch.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/06/2026

The vulnerability identified in GPAC version 2.5-DEV represents a critical memory corruption flaw within the MP4Box component that specifically affects the gf_isom_nalu_sample_rewrite function located in src/isomedia/avc_ext.c. This issue manifests as a double free condition that occurs when manipulating the nalu_out_bs argument, creating a scenario where memory allocated for NALU (Network Abstraction Layer Unit) sample processing is freed twice during the execution flow. The vulnerability's impact is particularly concerning given its local host exploitation potential and the fact that public exploit code has already been disclosed, making it immediately actionable by threat actors.

The technical implementation of this flaw stems from improper memory management within the AVC (Advanced Video Coding) extension module of GPAC's multimedia processing framework. When the gf_isom_nalu_sample_rewrite function processes video samples containing NALU data structures, the nalu_out_bs parameter becomes subject to incorrect deallocation sequences that result in the same memory block being freed multiple times. This double free condition creates opportunities for arbitrary code execution through heap corruption, potentially allowing attackers to manipulate program control flow or cause application crashes. The vulnerability's classification aligns with CWE-415: Double Free, which is categorized under the broader category of memory safety issues that can lead to privilege escalation and remote code execution.

From an operational perspective, this vulnerability presents significant risks for systems utilizing GPAC as part of their multimedia processing pipeline, particularly those handling video content or serving as media servers. The local host attack vector means that any user with access to the system where GPAC is installed could potentially exploit this flaw without requiring network connectivity or specialized attack infrastructure. This makes it particularly dangerous in environments where multiple users have local access, such as development workstations, shared servers, or systems running multimedia applications. The public disclosure of exploit code accelerates the threat landscape by removing the need for advanced exploitation techniques and making the vulnerability accessible to a broader range of threat actors.

The recommended remediation strategy centers on applying the specific patch identified by the commit hash f29f955f2a3b5e8e507caad3e52319f961bf37bf, which addresses the memory management error in the affected function. Organizations should prioritize deployment of this patch across all systems running GPAC versions up to 2.5-DEV, particularly in environments where local user access is not strictly controlled. Security teams should also implement monitoring for any exploitation attempts or unusual system behavior that might indicate successful exploitation of this vulnerability. Additionally, organizations should consider implementing additional security controls such as application whitelisting, privilege separation, and regular vulnerability assessments to reduce the attack surface and mitigate potential impact if exploitation occurs.

The vulnerability's characteristics align with ATT&CK technique T1059.007: Command and Scripting Interpreter: PowerShell, in that it enables similar privilege escalation pathways through memory corruption attacks, though this particular flaw operates at the binary level rather than through script execution. Organizations should also consider implementing process monitoring to detect anomalous memory allocation patterns that might indicate exploitation attempts, as well as maintaining up-to-date threat intelligence feeds to track related vulnerabilities and exploits targeting multimedia processing frameworks. The remediation process should include thorough testing of the patched version in controlled environments to ensure compatibility with existing workflows before full deployment across production systems.

Responsible

VulDB

Disclosure

07/06/2026

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00000

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!