CVE-2025-60471 Overview
CVE-2025-60471 is a use-after-free vulnerability in the gf_filter_pid_reconfigure_task_discard function located in src/filter_core/filter_pid.c of the GPAC Project's MP4Box utility. Versions of GPAC before 26.02.0 are affected. An attacker can trigger the flaw by supplying a crafted media file that causes the filter PID instance to be referenced after it has been freed. Successful exploitation results in a denial of service (DoS) of the MP4Box process. The vulnerability is tracked under CWE-416: Use After Free.
Critical Impact
Processing a malicious media file with MP4Box crashes the application, disrupting automated media workflows and transcoding pipelines that rely on GPAC.
Affected Products
- GPAC Project MP4Box versions prior to 26.02.0
- GPAC Project libgpac filter core (src/filter_core/filter_pid.c)
- Applications and pipelines embedding vulnerable GPAC builds
Discovery Timeline
- 2026-06-24 - CVE-2025-60471 published to the National Vulnerability Database
- 2026-06-24 - Last updated in NVD database
Technical Details for CVE-2025-60471
Vulnerability Analysis
The defect resides in GPAC's filter pipeline logic, which manages PID (packet identifier) instances during media filter graph reconfiguration. When a crafted media file forces the filter graph to reconfigure and discard a PID instance, the code path executes gf_filter_pid_inst_del(pidinst) even when a configure_task_discard task is already pending on the same PID instance. The pending task subsequently dereferences memory that the deletion call already released. The resulting use-after-free corrupts process state and aborts execution.
Root Cause
The root cause is missing coordination between the PID instance deletion path and the asynchronous configure_task_discard task. The original code did not check the discard_inputs state before freeing the PID instance, allowing both code paths to operate on the same object. CWE-416 applies because the freed pointer remains reachable by the deferred discard task.
Attack Vector
Exploitation requires local access and user interaction: a victim must open the malicious media container with MP4Box or a host application using libgpac. The attacker does not need any privileges on the target system. The impact is limited to availability, with no confidentiality or integrity loss reported.
// Patch in src/filter_core/filter_pid.c - Fixed GPAC issue #3279
if (filter->detached_pid_inst && (gf_list_find(filter->detached_pid_inst, pidinst)>=0) )
return;
- gf_filter_pid_inst_del(pidinst);
+ //we posted a configure_task_discard on this PID, mark as "to be destroyed" and let thet task destroy the pid
+ if (pidinst->discard_inputs==2) {
+ pidinst->discard_inputs = 3;
+ } else {
+ gf_filter_pid_inst_del(pidinst);
+ }
if (filter->num_input_pids) return;
//we still have other pid instances registered for chain reconfigure, don't discard the filter
Source: GPAC commit 868c6801. The patch defers destruction when a discard task is already queued (discard_inputs==2), transitioning the state to 3 so the pending task safely tears down the PID instance.
Detection Methods for CVE-2025-60471
Indicators of Compromise
- Unexpected MP4Box or libgpac process crashes with SIGSEGV or SIGABRT during media parsing
- Core dumps referencing gf_filter_pid_reconfigure_task_discard or gf_filter_pid_inst_del in the call stack
- Media transcoding jobs terminating mid-process when handling untrusted input files
Detection Strategies
- Inventory hosts and containers running GPAC or MP4Box and identify versions prior to 26.02.0
- Run AddressSanitizer (ASan) builds of GPAC against incoming media samples to surface use-after-free conditions
- Hunt process termination telemetry for MP4Box exiting abnormally after opening files from untrusted sources
Monitoring Recommendations
- Log all MP4Box invocations including command line arguments and source file paths in batch processing systems
- Alert on repeated abnormal exits of GPAC binaries within short time windows
- Correlate file ingestion events with downstream process crashes in media workflows
How to Mitigate CVE-2025-60471
Immediate Actions Required
- Upgrade GPAC and MP4Box to version 26.02.0 or later, which contains commit 868c6801
- Restrict MP4Box execution to sandboxed contexts when processing files from untrusted users
- Audit automated media pipelines to ensure they validate file sources before invoking GPAC
Patch Information
The fix is committed upstream in the GPAC repository. Reference the GPAC commit 868c6801c226e9964cace54cfd5a759f152780b4 and the corresponding GitHub issue #3279. Proof-of-concept artifacts are published in the sigdevel PoC repository.
Workarounds
- Avoid processing untrusted or attacker-supplied media files with vulnerable MP4Box builds
- Run MP4Box under a restricted user account with resource limits and seccomp filtering
- Isolate media processing workloads in ephemeral containers that recover from crashes automatically
# Verify installed GPAC version and replace with patched build
MP4Box -version 2>&1 | head -n1
# Example: rebuild from a patched source tree
git clone https://github.com/gpac/gpac.git
cd gpac
git checkout 868c6801c226e9964cace54cfd5a759f152780b4
./configure && make -j$(nproc) && sudo make install
# Run MP4Box under a sandbox when handling untrusted inputs
firejail --noprofile --net=none --private-tmp MP4Box -info /path/to/untrusted.mp4
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

