UBUNTU-CVE-2025-60466

A use-after-free in the gffilterpidgetpacket function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

UBUNTU-CVE-2025-60467

A use-after-free in the gffilterpidinstswapdeletetask function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

CVE-2025-60465

A use-after-free in the gffilterpidinstswap function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

EUVD-2025-210330

A use-after-free in the gffilterpidgetpacket function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

CVE-2025-60466

A use-after-free in the gffilterpidgetpacket function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

CVE-2025-60465

GPAC Project/MP4Box prior to 26.02.0 is affected by CVE-2025-60465 due to a use-after-free in the function gf_filter_pid_inst_swap (in /filter_core/filter_pid.c). The vulnerability allows an attacker to trigger a Denial of Service by processing a crafted media file. The documented remediation is ...

CVE-2025-60465

A use-after-free in the gffilterpidinstswap function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

PT-2026-52559

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf filter pid inst swap function located in /filter core/filter pid.c. A use-after-free occurs when a program continues to use a pointer after it ha...

CVE-2025-60467

A use-after-free in the gffilterpidinstswapdeletetask function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

CVE-2026-55488

motionEye mEye is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files fro...

CVE-2026-55488

CVE-2026-55488 (motionEye) is an absolute path traversal in motionEye prior to 0.44.0, affecting media file handlers that accept a user-controlled filename and build paths with os.path.join(). When an absolute path is provided, the target directory is ignored and the attacker-controlled path is u...

EUVD-2026-38804

motionEye mEye is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files fro...

CVE-2026-55488 motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

motionEye mEye is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files fro...

PT-2026-52132

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf filter pid inst swap delete task function located in /filter core/filter pid.c. This occurs when the software processes a specially crafted media...

CVE-2025-60466

GPAC MP4Box (before 26.02.0) is affected by a use-after-free in the function gf_filter_pid_get_packet within /filter_core/filter_pid.c, enabling potential DoS via crafted media files. The vulnerability is triggered by handling specific media content and may lead to process instability or crash. A...

CVE-2025-60467

GPAC Project/MP4Box prior to 26.02.0 is affected by a use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c). The issue can allow a Denial of Service when processing a crafted media file. The vulnerability is confirmed across multiple sources (NVD, CVE reco...

CVE-2025-60467

A use-after-free in the gffilterpidinstswapdeletetask function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

CVE-2025-60466

A use-after-free in the gffilterpidgetpacket function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

DEBIAN-CVE-2026-52718

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

CVE-2026-52718 Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byte/bit confusion

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...