A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Gpac
  • Mp4box

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Gpac
  • Mp4box
References
Link Providers
https://github.com/gpac/gpac/commit/13eb5b76560aaf7813b865a2ad433258478e2695 cve-icon cve-icon
https://github.com/gpac/gpac/issues/3301 cve-icon cve-icon
https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/48/README.md cve-icon cve-icon
https://infosec.exchange/@sigdevel/116658486442433074 cve-icon cve-icon
History

Wed, 03 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Gpac
Gpac mp4box
Vendors & Products Gpac
Gpac mp4box

Wed, 03 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Title NULL pointer dereference in GPAC MP4Box causes denial of service with crafted file
Weaknesses CWE-476

Wed, 03 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
Description A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
References
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-03T13:43:57.989Z

Reserved: 2025-09-26T00:00:00.000Z

Link: CVE-2025-60477

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-03T14:16:31.100

Modified: 2026-06-03T14:16:31.100

Link: CVE-2025-60477

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T16:30:35Z