UBUNTU-CVE-2025-60468
- Source
- https://ubuntu.com/security/CVE-2025-60468
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-60468.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-60468
- Upstream
- Published
- 2026-06-26T00:00:00Z
- Modified
- 2026-06-26T12:27:46.841083797Z
- Severity
-
- Ubuntu - medium
- Summary
- [none]
- Details
-
GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service (local). The component is: filtercore/filterpid.c (L:574-580): function gffilterpidinstswapdeletetask() improperly accesses freed objects during PID instance swap/delete cleanup, leading to heap use-after-free. The attack vector is: Local (AV:L): a local, authenticated user who processes a specially crafted MPEG-2 TS/MP4 file with MP4Box can trigger the bug during filter teardown (PID instance swap/delete), causing a crash. ΒΆΒΆ In GPAC s MP4Box, gffilterpidinstswapdeletetask() in filtercore/filterpid.c may dereference objects after they have been freed when cleaning up PID instances after a swap/delete operation. Crafted inputs (e.g., malformed MPEG-2 TS) can trigger a heap use-after-free and crash; exploitation may be possible.
- References
-
- https://ubuntu.com/security/CVE-2025-60468
- https://www.cve.org/CVERecord?id=CVE-2025-60468
- https://github.com/gpac/gpac/commit/976dacf65cb6986a4e4f350fb8d3ed0a17dc3a77
- https://github.com/gpac/gpac/commit/aed9c94e92e8ba362ddb29c767c519478f46f195
- https://github.com/gpac/gpac/issues/3290
- https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/39/39_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_580
- https://infosec.exchange/@sigdevel/116780598378458041
Affected packages
Ubuntu:Pro:14.04:LTS
gpac
Package
- Name
- gpac
- Purl
- pkg:deb/ubuntu/gpac?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.5.0+svn4288~dfsg1-1ubuntu1
0.5.0+svn4288~dfsg1-4
0.5.0+svn4288~dfsg1-4ubuntu1
0.5.0+svn4288~dfsg1-4ubuntu1+esm1
0.5.0+svn4288~dfsg1-4ubuntu1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.5.0+svn4288~dfsg1-4ubuntu1+esm2",
"binary_name": "gpac"
},
{
"binary_version": "0.5.0+svn4288~dfsg1-4ubuntu1+esm2",
"binary_name": "gpac-modules-base"
},
{
"binary_version": "0.5.0+svn4288~dfsg1-4ubuntu1+esm2",
"binary_name": "libgpac2"
}
]
}Ubuntu:Pro:16.04:LTS
gpac
Package
- Name
- gpac
- Purl
- pkg:deb/ubuntu/gpac?arch=source&distro=esm-apps%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.5.2-426-gc5ad4e4+dfsg5-1build1
0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1
0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2",
"binary_name": "gpac"
},
{
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2",
"binary_name": "gpac-modules-base"
},
{
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2",
"binary_name": "libgpac4"
}
]
}Ubuntu:Pro:18.04:LTS
gpac
Package
- Name
- gpac
- Purl
- pkg:deb/ubuntu/gpac?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.5.2-426-gc5ad4e4+dfsg5-3
0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1
0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1",
"binary_name": "gpac"
},
{
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1",
"binary_name": "gpac-modules-base"
},
{
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1",
"binary_name": "libgpac4"
}
]
}Ubuntu:Pro:20.04:LTS
gpac
Package
- Name
- gpac
- Purl
- pkg:deb/ubuntu/gpac?arch=source&distro=esm-apps%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.5.2-426-gc5ad4e4+dfsg5-4ubuntu1
0.5.2-426-gc5ad4e4+dfsg5-5
0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2",
"binary_name": "gpac"
},
{
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2",
"binary_name": "gpac-modules-base"
},
{
"binary_version": "0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2",
"binary_name": "libgpac4"
}
]
}Ubuntu:Pro:22.04:LTS
gpac
Package
- Name
- gpac
- Purl
- pkg:deb/ubuntu/gpac?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:24.04:LTS
gpac
Package
- Name
- gpac
- Purl
- pkg:deb/ubuntu/gpac?arch=source&distro=esm-apps%2Fnoble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.2.1+dfsg1-3
2.2.1+dfsg1-3.1
2.2.1+dfsg1-3.1build1
2.2.1+dfsg1-3.1build2
2.2.1+dfsg1-3.1ubuntu0.1~esm2