CVE-2026-1417
📋 TL;DR
This CVE describes a NULL pointer dereference in GPAC's MP4Box tool (in the dump_isom_rtp function) that crashes the process when it handles a crafted media file. Exploitation requires local access, i.e. the ability to run MP4Box on attacker-supplied input, and GPAC versions up to and including 2.4.0 are affected. A public exploit (crafted input) exists, but because the bug is a NULL dereference the impact is limited to denial of service; the attack vector is local, so remote exposure only arises where a service feeds untrusted files to MP4Box.
💻 Affected Systems
- GPAC
- MP4Box
📦 What is this software?
GPAC, by the GPAC project: an open-source multimedia framework. MP4Box is its command-line tool for packaging, inspecting and dumping ISO Base Media (MP4) files, and is the component this CVE affects.
⚠️ Risk & Real-World Impact
Worst Case
Local attacker causes GPAC/MP4Box to crash, potentially disrupting media processing workflows or automated systems using these tools.
Likely Case
Malicious local user crashes MP4Box application when processing specially crafted media files, causing denial of service.
If Mitigated
With proper access controls limiting local user privileges, impact is minimal as only authorized users could trigger the crash.
🎯 Exploit Status
The public exploit is a crafted media file; triggering it requires local access and the ability to run MP4Box on that file. The crash is in the dump_isom_rtp function, the routine behind MP4Box's RTP hint-track dump (-drtp), which dereferences a NULL pointer when it processes certain inputs. The result is a process crash, not code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: No tagged release is named; the fix is commit f96bd57c3ccdcde4335a0be28cd3e8fe296993de. Note that the commit URL in the references points at the enocknt/gpac fork, so confirm the commit (or an equivalent change) is present in gpac/gpac before treating a build as fixed.
Vendor Advisory (upstream tracking issue): https://github.com/gpac/gpac/issues/3426
Restart Required: No
Instructions:
1. Build or install GPAC from a revision whose history includes commit f96bd57c3ccdcde4335a0be28cd3e8fe296993de
2. For source installations: git pull from the GPAC repository, confirm the commit is an ancestor of the revision you build, and rebuild
3. For package managers: use updated packages from your distribution once they carry the fix; packaged builds of 2.4.0 or earlier remain vulnerable until patched
🔧 Temporary Workarounds
Restrict MP4Box execution
Linux: limit which users can execute MP4Box to reduce the attack surface. Adjust the path if MP4Box is installed elsewhere (source builds typically land in /usr/local/bin; command -v MP4Box shows the one on PATH). chmod 750 only helps if the binary's group is a trusted group, setfacl requires an ACL-capable filesystem, and a package upgrade may reset both, so re-check after updates.
chmod 750 /usr/bin/MP4Box
setfacl -m u:trusteduser:rx /usr/bin/MP4Box
Restricting the executable does not help where the trusted account itself processes untrusted files (the worst case above); for that, see the next section.
Remove or disable MP4Box
Linux: if MP4Box functionality is not required, remove the package (check first what else on the host depends on it)
apt remove gpac
yum remove gpac
pacman -R gpac
🧯 If You Can't Patch
- Implement strict access controls to limit which users can execute MP4Box
- Treat media files from untrusted sources as hostile input: run MP4Box on them only under a dedicated low-privilege account, and make automated pipelines tolerate a crashed worker (per-file timeouts, move on to the next file) so one crafted file cannot stall the queue
- Monitor for abnormal MP4Box crashes and investigate any suspicious local user activity, including which input file was being processed
🔍 How to Verify
Check if Vulnerable:
Run MP4Box -version 2>&1 | grep -i gpac and read the version number; 2.4.0 or earlier is in the affected range.
Check Version:
MP4Box -version 2>&1 | grep -i gpac
Verify Fix Applied:
A release newer than 2.4.0, or a source build whose git history contains commit f96bd57c3ccdcde4335a0be28cd3e8fe296993de. A bare version number cannot confirm the fix on a development build, because the fix is identified by commit rather than by a tagged release.
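The version check above, as an added shell example that is not part of this advisory or of GPAC. It assumes the -version banner contains the version as X.Y or X.Y.Z (the sample banners below are constructed, not real MP4Box output), classifies it against the "2.4.0 and earlier" range stated on this page, and for source builds asks git whether the fix commit is an ancestor of the checked-out revision.

```shell
#!/bin/sh
# Added example (not GPAC's code, not from the advisory): classify a
# "MP4Box -version" banner against the affected range (GPAC <= 2.4.0) and
# check a source checkout for the fix commit. Banner layout is assumed to
# contain the version as X.Y or X.Y.Z.

FIX_COMMIT=f96bd57c3ccdcde4335a0be28cd3e8fe296993de

# Print the first X.Y[.Z] number found in a banner (empty if none).
gpac_extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+(\.[0-9]+)?' | head -n 1
}

# Exit 0 when the banner's version is <= 2.4.0, 1 when newer,
# 2 when no version could be parsed.
gpac_version_le_240() {
    gv_ver=$(gpac_extract_version "$1")
    [ -n "$gv_ver" ] || return 2
    gv_major=${gv_ver%%.*}
    gv_rest=${gv_ver#*.}
    gv_minor=${gv_rest%%.*}
    gv_patch=${gv_rest#*.}
    # An X.Y version has no patch part: the strip leaves the string unchanged.
    [ "$gv_patch" != "$gv_rest" ] || gv_patch=0
    gv_num=$((gv_major * 10000 + gv_minor * 100 + gv_patch))
    [ "$gv_num" -le 20400 ]
}

# Print one of: vulnerable | not-in-affected-range | unknown
gpac_classify() {
    gc_ver=$(gpac_extract_version "$1")
    if [ -z "$gc_ver" ]; then
        echo unknown
    elif gpac_version_le_240 "$1"; then
        echo vulnerable
    else
        echo not-in-affected-range
    fi
}

# Source builds: exit 0 if the fix commit is an ancestor of HEAD in the
# checkout at $1. A development version number alone cannot tell you this.
gpac_source_has_fix() {
    git -C "$1" merge-base --is-ancestor "$FIX_COMMIT" HEAD
}

# Check the MP4Box on PATH. The advisory's own check uses 2>&1, so both
# output streams are captured here as well.
gpac_check_installed() {
    command -v MP4Box >/dev/null 2>&1 || { echo "MP4Box not found on PATH"; return 2; }
    gpac_classify "$(MP4Box -version 2>&1)"
}

# Constructed sample banners (not real MP4Box output) and their results:
#   gpac_classify 'MP4Box - GPAC version 2.4.0-rev0-gdeadbee-master'  -> vulnerable
#   gpac_classify 'MP4Box - GPAC version 2.2.1'                      -> vulnerable
#   gpac_classify 'MP4Box - GPAC version 2.5.0'                      -> not-in-affected-range
#   gpac_classify 'no version string here'                           -> unknown

# Run as "sh check_gpac.sh --installed" to test the MP4Box on PATH.
if [ "${1:-}" = "--installed" ]; then
    gpac_check_installed
fi
```

On a source checkout, gpac_source_has_fix /path/to/gpac returns 0 only if the commit is in the history of the revision you built; a "not-in-affected-range" result from the banner alone is only as good as the release-based range on this page.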
📡 Detection & Monitoring
Log Indicators:
- Kernel segfault lines for the process, e.g. "MP4Box[<pid>]: segfault at <addr> ..." in dmesg, syslog or the journal; a faulting address of 0 or close to it is consistent with the NULL pointer dereference described here
- Abnormal termination of MP4Box reported by systemd-coredump ("Process <pid> (MP4Box) of user <uid> dumped core.") or by the calling shell ("Segmentation fault (core dumped)")
- Crashes clustered around files from one user or one input source
Network Indicators:
- None: local vulnerability only
SIEM Query (pseudo-query; translate to your platform's syntax):
Windows: Process.Name = 'MP4Box.exe' AND EventID = 1000 (Application Error)
Linux: message contains 'MP4Box[' AND 'segfault at' OR message contains '(MP4Box)' AND 'dumped core'
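The Linux side of the detection above, as an added shell example that is not part of this advisory: it runs over a constructed syslog excerpt (not captured from a real system) and picks out the two line shapes named in the indicators, the kernel's "MP4Box[PID]: segfault at ADDR" and systemd-coredump's "Process PID (MP4Box) ... dumped core." Faulting addresses below 0x1000 are flagged near_null, the signature a NULL pointer dereference such as this one leaves; kernel and coredump entries for the same PID are collapsed to one crash.

```shell
#!/bin/sh
# Added example (not from the advisory or GPAC): extract MP4Box crash
# indicators from syslog/journal text on stdin.

# Constructed sample log (not captured from a real host). The ffmpeg line
# and the sshd line are noise the scanner must ignore.
mp4box_sample_log() {
    cat <<'EOF'
Mar  3 10:14:02 media01 kernel: [  812.557] MP4Box[4131]: segfault at 0 ip 00007f3c1a2b3c4d sp 00007ffd2a1b3c40 error 4 in libgpac.so.12[7f3c1a100000+400000]
Mar  3 10:14:02 media01 systemd-coredump[4140]: Process 4131 (MP4Box) of user 1002 dumped core.
Mar  3 10:14:05 media01 sshd[4150]: Accepted publickey for ops from 10.0.0.5 port 51022 ssh2
Mar  3 10:16:40 media01 kernel: [  970.101] ffmpeg[4201]: segfault at 7f00deadbeef ip 00007f9a0000abcd sp 00007ffe00001000 error 4 in libavcodec.so.60[7f9a00000000+800000]
Mar  3 10:18:11 media01 kernel: [ 1061.300] MP4Box[4302]: segfault at 18 ip 00007f3c1a2b3d10 sp 00007ffd2a1b3c40 error 4 in libgpac.so.12[7f3c1a100000+400000]
EOF
}

# Read log lines on stdin; print "<type> <pid> <addr> <class>" per indicator.
# class is near_null when the faulting address is below 0x1000 (at most three
# hex digits once leading zeros are stripped), otherwise other.
mp4box_crash_scan() {
    awk '
    /MP4Box\[[0-9]+\]: segfault at / {
        pid = $0; sub(/.*MP4Box\[/, "", pid); sub(/\].*/, "", pid)
        addr = $0; sub(/.*segfault at /, "", addr); sub(/ .*/, "", addr)
        a = addr; sub(/^0+/, "", a)
        cls = (length(a) <= 3) ? "near_null" : "other"
        print "kernel_segfault " pid " " addr " " cls
        next
    }
    /systemd-coredump\[[0-9]+\]: Process [0-9]+ \(MP4Box\) .* dumped core/ {
        pid = $0; sub(/.*Process /, "", pid); sub(/ .*/, "", pid)
        print "coredump " pid " - -"
        next
    }'
}

# Distinct crashed PIDs: the kernel line and the coredump line for one crash
# share a PID and collapse to a single entry.
mp4box_crash_pids() {
    mp4box_crash_scan | awk '{ print $2 }' | sort -u
}

# Number of indicator lines (not crashes; use mp4box_crash_pids for that).
mp4box_crash_count() {
    mp4box_crash_scan | wc -l | tr -d ' '
}

# Against the constructed log:
#   mp4box_sample_log | mp4box_crash_scan
#   kernel_segfault 4131 0 near_null
#   coredump 4131 - -
#   kernel_segfault 4302 18 near_null
#   mp4box_sample_log | mp4box_crash_pids     -> 4131 and 4302
```

For live use, feed it journalctl -k or the syslog file (journalctl -k --no-pager | mp4box_crash_scan); a burst of near_null entries tied to one submitting user or one input directory is the pattern worth investigating under the "If You Can't Patch" guidance above.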
🔗 References
- https://github.com/enocknt/gpac/commit/f96bd57c3ccdcde4335a0be28cd3e8fe296993de
- https://github.com/gpac/gpac/
- https://github.com/gpac/gpac/issues/3426
- https://github.com/gpac/gpac/issues/3426#issue-3802172856
- https://vuldb.com/?ctiid.342806
- https://vuldb.com/?id.342806
- https://vuldb.com/?submit.736543