
GPAC MP4Box CVE-2025-55648

HIGH
2026-06-13

Severity by source

vuln.today AI: 5.4 MEDIUM

File deliverable over network (AV:N); victim must run MP4Box -dxml (UI:R); heap leak possible (C:L); crash confirmed (A:L); no write primitive (I:N).

CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVSS 4.0 vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Lifecycle Timeline

1. Analysis Generated: Jun 13, 2026 - 22:20 (vuln.today)

Description (pre-NVD)

Disclosed via oss-security. NVD scoring and full description are pending.

Analysis (AI)

Heap-based buffer overflow (out-of-bounds read) in GPAC MP4Box (all versions prior to fix commit 61bbfd2e89553373ba3449b8ec05b5f098d732a5): processing a crafted MP4 file whose stsz (sample-size box) data for an Opus audio track is corrupted leads to an out-of-bounds heap READ. When a user runs MP4Box with the -dxml flag against such a file, gf_opus_parse_packet_header() in av_parsers.c:11297 performs a 1-byte read 1242 bytes beyond the 32-byte heap region allocated by Media_GetSample(), potentially leaking adjacent heap memory contents and crashing the process. A public proof-of-concept MP4 file is available; no active exploitation had been recorded in CISA KEV at the time of analysis.

Technical Context (AI)

GPAC is an open-source multimedia framework widely used for MP4/ISOBMFF file inspection, transcoding, and packaging. The vulnerable code path is triggered during the Opus track dump operation: dump_isom_opus() → gf_inspect_dump_opus_internal() → gf_opus_parse_packet_header() (media_tools/av_parsers.c). The corrupted stsz box (ISO 14496-12 sample-size box) causes Media_GetSample() to allocate an undersized 32-byte heap buffer. gf_opus_parse_packet_header() then fails to validate the buffer boundary before parsing the Opus packet header fields (CWE-122: Heap-based Buffer Overflow), performing a READ 1242 bytes past the end of the heap region. This is a classic length-confusion flaw: the declared stsz entry size does not match the actual packet data, and the parser trusts the Opus header field values rather than the buffer's true capacity. The ASAN-confirmed READ of size 1 at av_parsers.c:11297 indicates a single-byte sequential over-read, consistent with iterating a loop or indexing into a header field without a bounds check.
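The length-confusion pattern described above and in the Analysis section, as an added example that is not GPAC's code: a bounds-checked Opus packet-header parser whose field layout follows RFC 6716 section 3.2 (TOC byte, optional frame-count byte, optional padding-length bytes). The function names, the struct, and the sample packets are constructed for this illustration; the contract it demonstrates is the one the advisory says is missing, namely that every read is checked against the caller's true buffer size rather than against what the header claims.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative parser written for this page; NOT gf_opus_parse_packet_header().
 * Layout per RFC 6716 s3.2. `len` is the true size of the buffer handed to the
 * parser (in the advisory's terms, the 32-byte region Media_GetSample() returned),
 * and no byte is read unless it lies inside it. */
typedef struct {
    uint8_t config;     /* TOC bits 7..3: mode / bandwidth / frame size */
    bool    stereo;     /* TOC bit 2 */
    uint8_t code;       /* TOC bits 1..0: frame-packing code 0..3 */
    uint8_t nb_frames;  /* frames in the packet (M) */
    bool    vbr;        /* code 3 only */
    size_t  padding;    /* code 3 only: padding bytes the header declares */
    size_t  header_len; /* bytes consumed: TOC, frame-count, padding-length */
} opus_pkt_hdr;

/* Returns 0 on success, -1 if the header is malformed or the buffer is too
 * short for what the header claims. Per-frame length fields of VBR packets
 * (codes 2 and 3 with V=1) are not parsed in this example. */
int opus_parse_packet_header(const uint8_t *buf, size_t len, opus_pkt_hdr *h)
{
    size_t pos = 0;
    if (!buf || !h || len < 1) return -1;      /* need at least the TOC byte */
    memset(h, 0, sizeof(*h));

    uint8_t toc = buf[pos++];
    h->config = toc >> 3;
    h->stereo = (toc >> 2) & 1;
    h->code   = toc & 3;

    if (h->code == 0) {
        h->nb_frames = 1;
    } else if (h->code == 1 || h->code == 2) {
        h->nb_frames = 2;
    } else {
        /* code 3: a frame-count byte follows, laid out as V(1) P(1) M(6) */
        if (pos >= len) return -1;             /* byte absent: would over-read */
        uint8_t fc = buf[pos++];
        h->vbr = (fc >> 7) & 1;
        bool has_padding = (fc >> 6) & 1;
        h->nb_frames = fc & 0x3F;
        if (h->nb_frames == 0) return -1;      /* RFC 6716: M must be >= 1 */
        if (has_padding) {
            /* Padding length is a chain: a 255 byte adds 254 and says another
             * byte follows; any other value adds itself and ends the chain. */
            for (;;) {
                if (pos >= len) return -1;     /* chain runs off the buffer */
                uint8_t p = buf[pos++];
                if (p == 255) { h->padding += 254; continue; }
                h->padding += p;
                break;
            }
        }
    }
    h->header_len = pos;
    /* The declared padding must also fit in the bytes that remain. */
    if (h->padding > len - pos) return -1;
    return 0;
}

/* Constructed sample packets (not from the PoC file), each wrapped so the
 * outcome is a return value. */

/* Code-3 TOC byte with the frame-count byte cut off: a 1-byte buffer. */
int demo_truncated_code3(void)
{
    const uint8_t pkt[] = { 0x03 };
    opus_pkt_hdr h;
    return opus_parse_packet_header(pkt, sizeof pkt, &h);   /* -1 */
}

/* Code 3, M=2, P=1, padding chain 0xFF 0x01 (= 255) with no padding present. */
int demo_padding_exceeds_buffer(void)
{
    const uint8_t pkt[] = { 0x03, 0x42, 0xFF, 0x01 };
    opus_pkt_hdr h;
    return opus_parse_packet_header(pkt, sizeof pkt, &h);   /* -1 */
}

/* Same header followed by the 255 padding bytes it declares: accepted. */
long demo_padding_fits(void)
{
    uint8_t pkt[4 + 255] = { 0x03, 0x42, 0xFF, 0x01 };      /* rest zeroed */
    opus_pkt_hdr h;
    if (opus_parse_packet_header(pkt, sizeof pkt, &h) != 0) return -1;
    return (long)(h.padding * 1000 + h.header_len);         /* 255004 */
}

/* Code-0 packet: config 31, stereo, one frame. */
int demo_code0_fields(void)
{
    const uint8_t pkt[] = { 0xFC, 0x11, 0x22 };
    opus_pkt_hdr h;
    if (opus_parse_packet_header(pkt, sizeof pkt, &h) != 0) return -1;
    return h.config * 100 + h.stereo * 10 + h.nb_frames;    /* 3111 */
}

int main(void)
{
    printf("truncated code 3 header  -> %d\n", demo_truncated_code3());
    printf("padding exceeds buffer   -> %d\n", demo_padding_exceeds_buffer());
    printf("padding fits (pad*1000+hdr) -> %ld\n", demo_padding_fits());
    printf("code 0 fields            -> %d\n", demo_code0_fields());
    return 0;
}
```

The two rejected inputs are the shape of the advisory's bug seen from the parser's side: a header whose trailing bytes or declared padding lie outside the buffer actually allocated for the sample. Checking `pos` against `len` before each read, and the declared padding against the bytes that remain, turns the over-read into an error return.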

Affected Products (AI)

GPAC MP4Box is affected in all versions on the master branch prior to fix commit 61bbfd2e89553373ba3449b8ec05b5f098d732a5. No specific tagged release version boundary has been confirmed in the available advisory data; the reporter notes the crash is reproducible on the master branch at the time of discovery. The issue tracker reference is https://github.com/gpac/gpac/issues/3190. No CPE string was provided in the input data, and the exact first-affected tagged release is not independently confirmed.

Remediation (AI)

Apply upstream fix commit 61bbfd2e89553373ba3449b8ec05b5f098d732a5 from the GPAC GitHub repository (https://github.com/gpac/gpac). No vendor-tagged release version has been independently confirmed as containing this fix; users building from source should ensure their checkout is at or past this commit. As a compensating control, restrict use of 'MP4Box -dxml' exclusively to trusted, internally sourced MP4 files; untrusted or user-supplied media files should not be processed with this flag until the patch is applied. Organizations using GPAC in automated media processing pipelines should add file-source allowlisting to prevent arbitrary MP4 files from reaching the dump/inspect code path. Note that disabling Opus track processing entirely is not straightforward via command-line flags, so the safest mitigation remains patching or input restriction.
