CVE-2025-60464

A use-after-free in the gfseiloadfromstateinternal function /filters/seiload.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 TS file...

CVE-2025-60464

A use-after-free in the gfseiloadfromstateinternal function /filters/seiload.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 TS file...

CVE-2025-60464

GPAC MP4Box contains a use-after-free in gf_sei_load_from_state_internal (in /filters/sei_load.c) affecting builds before 26.02.0. This vulnerability can allow a Denial of Service when processing a crafted MPEG-2 TS file. The issue is described across multiple sources (NVD/NVD variant, AttackersK...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set devicecaps for 417. The videodevice for the MPEG encoder did not set devicecaps. This issue needs to be addressed; otherwise, the videodevice cannot be registered a WARNON message will be generated. This issue...

Updated libsndfile packages fix security vulnerabilities

CVE-2025-52194 A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircamreadheader function at src/ircam.c:164 during sample rate processing, leading to memory corruption a...

CVE-2026-1765

A flaw was found in the tracker-extract-mp3 component of GNOME localsearch previously known as tracker-miners. This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denia...

CVE-2026-1766

CVE-2026-1766 concerns GNOME localsearch (tracker-extract-mp3) and its MP3 Extractor, where a heap buffer overflow occurs while parsing MP3 files with malformed ID3v2.3 COMM tags. Exploitation can cause DoS (crash) and may disclose heap data. Public advisories and patches exist across multiple ve...

CVE-2025-55644

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-49271

A heap use-after-free in the gf node get tag function scenegraph/base scenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

OESA-2026-2665 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: When calculating the...

OESA-2026-2663 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: FFmpeg 4.2 is affected ...

OESA-2026-2662 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: When calculating the...

MPEG-4 container plugin for Membrane Framework 安全漏洞

The MPEG-4 container plugin for Membrane Framework is an open-source plugin developed by Membrane Framework for parsing and multiplexing MP4 containers. Versions of the MPEG-4 container plugin for Membrane Framework from 0.3.0 to 0.36.7 contained security vulnerabilities. These vulnerabilities...

PT-2026-48162

🚨 CVE-2025-55659 A NULL pointer dereference in the ctts box write function isomedia/box code base.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file. 🎖@cveNotify...

CVE-2026-46469

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

CVE-2025-60486

A heap use-after-free in the dasherprocess function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 file...

Linux Distros Unpatched Vulnerability : CVE-2025-60486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap use-after-free in the dasherprocess function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS vi...

CVE-2025-60486

A heap use-after-free in the dasherprocess function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 file...

DEBIAN-CVE-2025-60486

A heap use-after-free in the dasherprocess function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 file...

CVE-2025-60486

A heap use-after-free in the dasherprocess function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 file...