Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2026-1415

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 3 weeks ago

GPAC media_export.c gf_media_export_webvtt_metadata null pointer dereference

A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is af951b892dfbaaa38336ba2eba6d6a42c25810fd. To fix this issue, it is recommended to deploy a patch.

References

VDB-342804 | GPAC media_export.c gf_media_export_webvtt_metadata null pointer dereference vdb-entry technical-description
VDB-342804 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #736541 | gpac v2.4.0 NULL Pointer Dereference third-party-advisory
https://github.com/gpac/gpac/issues/3428 issue-tracking
https://github.com/gpac/gpac/issues/3428#issue-3802223345 issue-tracking exploit
https://github.com/enocknt/gpac/commit/af951b892dfbaaa38336ba2eba6d6a42c25810fd patch

Affected products

GPAC

==2.2
==2.0
==2.1
==2.4.0
==2.3

Matching in nixpkgs

pkgs.gpac

Open Source multimedia framework for research and academic purposes

nixos-unstable 2.4.0
- nixpkgs-unstable 2.4.0
- nixos-unstable-small 2.4.0

pkgs.msgpack

MessagePack implementation for C and C++

pkgs.msgpack-c

MessagePack implementation for C

nixos-unstable 6.1.0
- nixpkgs-unstable 6.1.0
- nixos-unstable-small 6.1.0

pkgs.msgpack-cxx

MessagePack implementation for C++

nixos-unstable 7.0.0
- nixpkgs-unstable 7.0.0
- nixos-unstable-small 7.0.0

pkgs.gpac-unstable

Open Source multimedia framework for research and academic purposes

nixos-unstable 2.4-unstable-2025-10-26
- nixpkgs-unstable 2.4-unstable-2025-10-26
- nixos-unstable-small 2.4-unstable-2025-10-26

pkgs.msgpack-tools

Command-line tools for converting between MessagePack and JSON

nixos-unstable 0.6
- nixpkgs-unstable 0.6
- nixos-unstable-small 0.6

pkgs.rubyPackages.msgpack

None

nixos-unstable 1.8.0
- nixpkgs-unstable 1.8.0
- nixos-unstable-small 1.8.0

pkgs.phpExtensions.msgpack

PHP extension for interfacing with MessagePack

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0
- nixos-unstable-small 3.0.0

pkgs.haskellPackages.msgpack

A Haskell implementation of MessagePack

nixos-unstable 1.0.1.0
- nixpkgs-unstable 1.0.1.0
- nixos-unstable-small 1.0.1.0

pkgs.perlPackages.MsgPackRaw

Perl bindings to the msgpack C library

nixos-unstable 0.05
- nixpkgs-unstable 0.05
- nixos-unstable-small 0.05

pkgs.php81Extensions.msgpack

PHP extension for interfacing with MessagePack

pkgs.php82Extensions.msgpack

PHP extension for interfacing with MessagePack

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0
- nixos-unstable-small 3.0.0

pkgs.php83Extensions.msgpack

PHP extension for interfacing with MessagePack

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0
- nixos-unstable-small 3.0.0

pkgs.php84Extensions.msgpack

PHP extension for interfacing with MessagePack

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0

pkgs.luaPackages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0

pkgs.rubyPackages_3_1.msgpack

None

pkgs.rubyPackages_3_2.msgpack

None

pkgs.rubyPackages_3_3.msgpack

None

nixos-unstable 1.8.0
- nixpkgs-unstable 1.8.0
- nixos-unstable-small 1.8.0

pkgs.rubyPackages_3_4.msgpack

None

nixos-unstable 1.8.0
- nixpkgs-unstable 1.8.0
- nixos-unstable-small 1.8.0

pkgs.rubyPackages_3_5.msgpack

None

nixos-unstable 1.8.0
- nixpkgs-unstable 1.8.0
- nixos-unstable-small 1.8.0

pkgs.python312Packages.msgpack

MessagePack serializer implementation

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1

pkgs.python313Packages.msgpack

MessagePack serializer implementation

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1

pkgs.lua51Packages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0

pkgs.lua52Packages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0

pkgs.lua53Packages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0

pkgs.lua54Packages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0

pkgs.perl538Packages.MsgPackRaw

Perl bindings to the msgpack C library

nixos-unstable 0.05
- nixpkgs-unstable 0.05
- nixos-unstable-small 0.05

pkgs.perl540Packages.MsgPackRaw

Perl bindings to the msgpack C library

nixos-unstable 0.05
- nixpkgs-unstable 0.05
- nixos-unstable-small 0.05

pkgs.luajitPackages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0

pkgs.python312Packages.ormsgpack

Fast msgpack serialization library for Python derived from orjson

nixos-unstable 1.11.0
- nixpkgs-unstable 1.11.0
- nixos-unstable-small 1.12.0

pkgs.python313Packages.ormsgpack

Fast msgpack serialization library for Python derived from orjson

nixos-unstable 1.11.0
- nixpkgs-unstable 1.11.0
- nixos-unstable-small 1.12.0

pkgs.haskellPackages.data-msgpack

A Haskell implementation of MessagePack

nixos-unstable 0.0.13
- nixpkgs-unstable 0.0.13
- nixos-unstable-small 0.0.13

pkgs.python312Packages.msgpack-numpy

Numpy data type serialization using msgpack

nixos-unstable 0.4.8
- nixpkgs-unstable 0.4.8
- nixos-unstable-small 0.4.8

pkgs.python313Packages.msgpack-numpy

Numpy data type serialization using msgpack

nixos-unstable 0.4.8
- nixpkgs-unstable 0.4.8
- nixos-unstable-small 0.4.8

pkgs.haskellPackages.data-msgpack-types

A Haskell implementation of MessagePack

nixos-unstable 0.0.3
- nixpkgs-unstable 0.0.3
- nixos-unstable-small 0.0.3

pkgs.python312Packages.u-msgpack-python

Portable, lightweight MessagePack serializer and deserializer written in pure Python

nixos-unstable 2.8.0
- nixpkgs-unstable 2.8.0
- nixos-unstable-small 2.8.0

pkgs.python313Packages.u-msgpack-python

Portable, lightweight MessagePack serializer and deserializer written in pure Python

nixos-unstable 2.8.0
- nixpkgs-unstable 2.8.0
- nixos-unstable-small 2.8.0

pkgs.chickenPackages_5.chickenEggs.msgpack

MessagePack implementation for CHICKEN

nixos-unstable 1.0.3
- nixpkgs-unstable 1.0.3
- nixos-unstable-small 1.0.3

Package maintainers

@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@redbaron Maxim Ivanov <ivanov.maxim@gmail.com>
@NickCao Nick Cao <nickcao@nichi.co>
@figsoda figsoda <figsoda@pm.me>
@aanderse Aaron Andersen <aaron@fosslib.net>
@ostrolucky Gabriel Ostrolucký <gabriel.ostrolucky@gmail.com>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
@aborsu Augustin Borsu <a.borsu@gmail.com>
@sarahec Sarah Clark <seclark@nextquestion.net>
@thesn10 TheSN