CVE-2026-9567

Source
https://cve.org/CVERecord?id=CVE-2026-9567
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9567.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-9567
Downstream
Published
2026-05-26T17:45:10.365Z
Modified
2026-07-08T08:17:46.341146683Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
GPAC MP4Box isom_intern.c MergeFragment null pointer dereference
Details

A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The patch is identified as 525bf1af642c30af04e4df5345e6d798c0a4d8a1. It is advisable to implement a patch to correct this issue.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "2.1"
                },
                {
                    "last_affected": "2.1"
                },
                {
                    "introduced": "2.3"
                },
                {
                    "last_affected": "2.3"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/9xxx/CVE-2026-9567.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-404",
        "CWE-476"
    ]
}
References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type
GIT
Repo
https://github.com/gpac/gpac
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "2.0"
        },
        {
            "last_affected": "2.0"
        },
        {
            "introduced": "2.2"
        },
        {
            "last_affected": "2.2"
        },
        {
            "introduced": "2.4.0"
        },
        {
            "last_affected": "2.4.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/makesoftwaresafe/gpac
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

2.*
2.0
2.2
2.4.0
v0.*
v0.5.2
v0.6.0
v0.9.0
v0.9.0-preview
v1.*
v1.0.0
v2.*
v2.0.0
v2.2.0
v2.4.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9567.json"