CVE-2025-15668 in GPACinfo

Summary

by MITRE • 07/06/2026

A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpd_del_entry of the file src/isomedia/box_code_base.c of the component MP4Box. Such manipulation of the argument data leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is f29f955f2a3b5e8e507caad3e52319f961bf37bf. It is advisable to implement a patch to correct this issue.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/06/2026

The vulnerability in GPAC software represents a critical heap-based buffer overflow condition that emerges from improper input validation within the sgpd_del_entry function of the MP4Box component. This flaw resides in the src/isomedia/box_code_base.c file and manifests when maliciously crafted data is processed through the function argument handling mechanism. The vulnerability requires local access for exploitation, meaning an attacker must already have system-level privileges or physical access to the target machine to leverage this weakness effectively. The presence of a publicly available exploit significantly elevates the risk profile, as it removes the barrier to entry that would typically require advanced technical knowledge or extensive research to develop a working attack vector.

The technical implementation of this vulnerability stems from inadequate bounds checking during memory allocation operations within the MP4Box functionality. When the sgpd_del_entry function processes input data, it fails to properly validate the size or content of the argument data parameter before performing heap memory operations. This oversight creates a condition where an attacker can manipulate the input to exceed allocated buffer boundaries, resulting in memory corruption that can lead to arbitrary code execution or system instability. The vulnerability specifically targets heap memory management functions, making it particularly dangerous as it can potentially overwrite critical program structures or execute malicious code within the context of the running GPAC process.

From an operational perspective, this vulnerability poses significant risks to systems utilizing GPAC for multimedia processing or content management tasks. Since local access is required, the attack vector typically involves either physical compromise of the system or exploitation of another vulnerability that grants local privileges. The availability of a public exploit means that this vulnerability can be leveraged by threat actors without requiring specialized knowledge or development time. Organizations using GPAC in production environments face potential risks including unauthorized code execution, data corruption, or complete system compromise depending on the privilege level of the compromised process. The impact extends beyond individual system compromise to potentially affect network infrastructure if GPAC is used as part of content delivery or media processing pipelines.

The recommended mitigation strategy involves applying the specific patch identified by the commit hash f29f955f2a3b5e8e507caad3e52319f961bf37bf which addresses the buffer overflow condition in the sgpd_del_entry function. System administrators should prioritize deployment of this patch across all affected GPAC installations, particularly those running versions prior to the b40ce70f5 commit. Additionally, organizations should implement network segmentation and access controls to limit local system access where possible, reducing the attack surface for this vulnerability. Security monitoring should be enhanced to detect unusual memory allocation patterns or potential exploitation attempts within systems that utilize GPAC functionality.

This vulnerability aligns with CWE-121 heap-based buffer overflow classifications and maps to ATT&CK technique T1059.007 for command and scripting interpreter usage in exploitation scenarios. The local privilege requirement places this vulnerability within ATT&CK's privilege escalation categories when considering potential lateral movement after initial compromise. Organizations should also consider implementing application whitelisting controls to prevent unauthorized execution of patched or vulnerable versions of GPAC software while maintaining operational continuity through proper patch management procedures and regular security assessments of multimedia processing systems.

Responsible

VulDB

Disclosure

07/06/2026

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00000

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!