Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2026-1417

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 3 weeks ago

GPAC filedump.c dump_isom_rtp null pointer dereference

A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: f96bd57c3ccdcde4335a0be28cd3e8fe296993de. Applying a patch is the recommended action to fix this issue.

References

VDB-342806 | GPAC filedump.c dump_isom_rtp null pointer dereference vdb-entry technical-description
VDB-342806 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #736543 | gpac v2.4.0 NULL Pointer Dereference third-party-advisory
https://github.com/gpac/gpac/issues/3426 issue-tracking
https://github.com/gpac/gpac/issues/3426#issue-3802172856 issue-tracking exploit
https://github.com/enocknt/gpac/commit/f96bd57c3ccdcde4335a0be28cd3e8fe296993de patch

Affected products

GPAC

==2.2
==2.0
==2.1
==2.4.0
==2.3

Matching in nixpkgs

pkgs.gpac

Open Source multimedia framework for research and academic purposes

nixos-unstable 2.4.0
- nixpkgs-unstable 2.4.0
- nixos-unstable-small 2.4.0

pkgs.msgpack

MessagePack implementation for C and C++

pkgs.msgpack-c

MessagePack implementation for C

nixos-unstable 6.1.0
- nixpkgs-unstable 6.1.0
- nixos-unstable-small 6.1.0

pkgs.msgpack-cxx

MessagePack implementation for C++

nixos-unstable 7.0.0
- nixpkgs-unstable 7.0.0
- nixos-unstable-small 7.0.0

pkgs.gpac-unstable

Open Source multimedia framework for research and academic purposes

nixos-unstable 2.4-unstable-2025-10-26
- nixpkgs-unstable 2.4-unstable-2025-10-26
- nixos-unstable-small 2.4-unstable-2025-10-26

pkgs.msgpack-tools

Command-line tools for converting between MessagePack and JSON

nixos-unstable 0.6
- nixpkgs-unstable 0.6
- nixos-unstable-small 0.6

pkgs.rubyPackages.msgpack

None

nixos-unstable 1.8.0
- nixpkgs-unstable 1.8.0
- nixos-unstable-small 1.8.0

pkgs.phpExtensions.msgpack

PHP extension for interfacing with MessagePack

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0
- nixos-unstable-small 3.0.0

pkgs.haskellPackages.msgpack

A Haskell implementation of MessagePack

nixos-unstable 1.0.1.0
- nixpkgs-unstable 1.0.1.0
- nixos-unstable-small 1.0.1.0

pkgs.perlPackages.MsgPackRaw

Perl bindings to the msgpack C library

nixos-unstable 0.05
- nixpkgs-unstable 0.05
- nixos-unstable-small 0.05

pkgs.php81Extensions.msgpack

PHP extension for interfacing with MessagePack

pkgs.php82Extensions.msgpack

PHP extension for interfacing with MessagePack

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0
- nixos-unstable-small 3.0.0

pkgs.php83Extensions.msgpack

PHP extension for interfacing with MessagePack

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0
- nixos-unstable-small 3.0.0

pkgs.php84Extensions.msgpack

PHP extension for interfacing with MessagePack

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0

pkgs.luaPackages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0

pkgs.rubyPackages_3_1.msgpack

None

pkgs.rubyPackages_3_2.msgpack

None

pkgs.rubyPackages_3_3.msgpack

None

nixos-unstable 1.8.0
- nixpkgs-unstable 1.8.0
- nixos-unstable-small 1.8.0

pkgs.rubyPackages_3_4.msgpack

None

nixos-unstable 1.8.0
- nixpkgs-unstable 1.8.0
- nixos-unstable-small 1.8.0

pkgs.rubyPackages_3_5.msgpack

None

nixos-unstable 1.8.0
- nixpkgs-unstable 1.8.0
- nixos-unstable-small 1.8.0

pkgs.python312Packages.msgpack

MessagePack serializer implementation

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1

pkgs.python313Packages.msgpack

MessagePack serializer implementation

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1

pkgs.lua51Packages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0

pkgs.lua52Packages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0

pkgs.lua53Packages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0

pkgs.lua54Packages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0

pkgs.perl538Packages.MsgPackRaw

Perl bindings to the msgpack C library

nixos-unstable 0.05
- nixpkgs-unstable 0.05
- nixos-unstable-small 0.05

pkgs.perl540Packages.MsgPackRaw

Perl bindings to the msgpack C library

nixos-unstable 0.05
- nixpkgs-unstable 0.05
- nixos-unstable-small 0.05

pkgs.luajitPackages.lua-cmsgpack

MessagePack C implementation and bindings for Lua 5.1/5.2/5.3

nixos-unstable 0.4.0-0
- nixpkgs-unstable 0.4.0-0
- nixos-unstable-small 0.4.0-0

pkgs.python312Packages.ormsgpack

Fast msgpack serialization library for Python derived from orjson

nixos-unstable 1.11.0
- nixpkgs-unstable 1.11.0
- nixos-unstable-small 1.12.0

pkgs.python313Packages.ormsgpack

Fast msgpack serialization library for Python derived from orjson

nixos-unstable 1.11.0
- nixpkgs-unstable 1.11.0
- nixos-unstable-small 1.12.0

pkgs.haskellPackages.data-msgpack

A Haskell implementation of MessagePack

nixos-unstable 0.0.13
- nixpkgs-unstable 0.0.13
- nixos-unstable-small 0.0.13

pkgs.python312Packages.msgpack-numpy

Numpy data type serialization using msgpack

nixos-unstable 0.4.8
- nixpkgs-unstable 0.4.8
- nixos-unstable-small 0.4.8

pkgs.python313Packages.msgpack-numpy

Numpy data type serialization using msgpack

nixos-unstable 0.4.8
- nixpkgs-unstable 0.4.8
- nixos-unstable-small 0.4.8

pkgs.haskellPackages.data-msgpack-types

A Haskell implementation of MessagePack

nixos-unstable 0.0.3
- nixpkgs-unstable 0.0.3
- nixos-unstable-small 0.0.3

pkgs.python312Packages.u-msgpack-python

Portable, lightweight MessagePack serializer and deserializer written in pure Python

nixos-unstable 2.8.0
- nixpkgs-unstable 2.8.0
- nixos-unstable-small 2.8.0

pkgs.python313Packages.u-msgpack-python

Portable, lightweight MessagePack serializer and deserializer written in pure Python

nixos-unstable 2.8.0
- nixpkgs-unstable 2.8.0
- nixos-unstable-small 2.8.0

pkgs.chickenPackages_5.chickenEggs.msgpack

MessagePack implementation for CHICKEN

nixos-unstable 1.0.3
- nixpkgs-unstable 1.0.3
- nixos-unstable-small 1.0.3

Package maintainers

@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@redbaron Maxim Ivanov <ivanov.maxim@gmail.com>
@NickCao Nick Cao <nickcao@nichi.co>
@figsoda figsoda <figsoda@pm.me>
@aanderse Aaron Andersen <aaron@fosslib.net>
@ostrolucky Gabriel Ostrolucký <gabriel.ostrolucky@gmail.com>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
@aborsu Augustin Borsu <a.borsu@gmail.com>
@sarahec Sarah Clark <seclark@nextquestion.net>
@thesn10 TheSN