CVE-2025-60486

Published: Jun 1, 2026

Modified: Jun 1, 2026

PUBLISHED

Description

A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/gpac/gpac/commit/e6d01820d7bf3967d931fedb379ee5f209bc133b

https://github.com/gpac/gpac/issues/3314

https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/53/README.md

https://infosec.exchange/@sigdevel/116662544397024289

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-60486

Description

Affected Products

References