Nixpkgs security tracker
5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
40 packages
- msgpack-c
- msgpack-cxx
- gpac-unstable
- msgpack-tools
- rubyPackages.msgpack
- phpExtensions.msgpack
- haskellPackages.msgpack
- perlPackages.MsgPackRaw
- php82Extensions.msgpack
- php83Extensions.msgpack
- php84Extensions.msgpack
- php85Extensions.msgpack
- luaPackages.lua-cmsgpack
- perl5Packages.MsgPackRaw
- rubyPackages_3_3.msgpack
- rubyPackages_3_4.msgpack
- rubyPackages_4_0.msgpack
- python312Packages.msgpack
- python313Packages.msgpack
- python314Packages.msgpack
- lua51Packages.lua-cmsgpack
- lua52Packages.lua-cmsgpack
- lua53Packages.lua-cmsgpack
- lua54Packages.lua-cmsgpack
- lua55Packages.lua-cmsgpack
- perl538Packages.MsgPackRaw
- perl540Packages.MsgPackRaw
- luajitPackages.lua-cmsgpack
- python312Packages.ormsgpack
- python313Packages.ormsgpack
- python314Packages.ormsgpack
- haskellPackages.data-msgpack
- python312Packages.msgpack-numpy
- python313Packages.msgpack-numpy
- python314Packages.msgpack-numpy
- haskellPackages.data-msgpack-types
- python312Packages.u-msgpack-python
- python313Packages.u-msgpack-python
- python314Packages.u-msgpack-python
- chickenPackages_5.chickenEggs.msgpack
- @LeSuisse accepted
- @LeSuisse published on GitHub
GPAC MP4Box box_code_base.c elng_box_read out-of-bounds
A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The patch is named cf6ac48c972eaaee2af270adc3f36615325deb3e. The affected component should be upgraded.
References
Ignored references (4)
-
-
Submit #800985 | gpac laster Memory Corruption third-party-advisory
-
https://github.com/gpac/gpac/ product
Affected products
- ==26.03-DEV-rev105-g8f39a1eb3-master
Matching in nixpkgs
Ignored packages (40)
pkgs.msgpack-c
MessagePack implementation for C
pkgs.msgpack-cxx
MessagePack implementation for C++
pkgs.gpac-unstable
Open Source multimedia framework for research and academic purposes
-
nixos-unstable 2.4.0-unstable-2026-01-30
- nixpkgs-unstable 2.4.0-unstable-2026-01-30
- nixos-unstable-small 2.4.0-unstable-2026-01-30
-
nixos-25.11 2.4.0-unstable-2025-12-23
- nixos-25.11-small 2.4.0-unstable-2025-12-23
- nixpkgs-25.11-darwin 2.4.0-unstable-2025-12-23
pkgs.msgpack-tools
Command-line tools for converting between MessagePack and JSON
pkgs.rubyPackages.msgpack
None
pkgs.phpExtensions.msgpack
PHP extension for interfacing with MessagePack
pkgs.haskellPackages.msgpack
A Haskell implementation of MessagePack
pkgs.perlPackages.MsgPackRaw
Perl bindings to the msgpack C library
pkgs.php82Extensions.msgpack
PHP extension for interfacing with MessagePack
pkgs.php83Extensions.msgpack
PHP extension for interfacing with MessagePack
pkgs.php84Extensions.msgpack
PHP extension for interfacing with MessagePack
pkgs.php85Extensions.msgpack
PHP extension for interfacing with MessagePack
pkgs.luaPackages.lua-cmsgpack
MessagePack C implementation and bindings for Lua 5.1/5.2/5.3
pkgs.perl5Packages.MsgPackRaw
Perl bindings to the msgpack C library
pkgs.rubyPackages_3_3.msgpack
None
pkgs.rubyPackages_3_4.msgpack
None
pkgs.rubyPackages_4_0.msgpack
None
pkgs.python312Packages.msgpack
MessagePack serializer implementation
pkgs.python313Packages.msgpack
MessagePack serializer implementation
pkgs.python314Packages.msgpack
MessagePack serializer implementation
pkgs.lua51Packages.lua-cmsgpack
MessagePack C implementation and bindings for Lua 5.1/5.2/5.3
pkgs.lua52Packages.lua-cmsgpack
MessagePack C implementation and bindings for Lua 5.1/5.2/5.3
pkgs.lua53Packages.lua-cmsgpack
MessagePack C implementation and bindings for Lua 5.1/5.2/5.3
pkgs.lua54Packages.lua-cmsgpack
MessagePack C implementation and bindings for Lua 5.1/5.2/5.3
pkgs.lua55Packages.lua-cmsgpack
MessagePack C implementation and bindings for Lua 5.1/5.2/5.3
pkgs.perl538Packages.MsgPackRaw
Perl bindings to the msgpack C library
pkgs.perl540Packages.MsgPackRaw
Perl bindings to the msgpack C library
pkgs.luajitPackages.lua-cmsgpack
MessagePack C implementation and bindings for Lua 5.1/5.2/5.3
pkgs.python312Packages.ormsgpack
Fast msgpack serialization library for Python derived from orjson
pkgs.python313Packages.ormsgpack
Fast msgpack serialization library for Python derived from orjson
pkgs.python314Packages.ormsgpack
Fast msgpack serialization library for Python derived from orjson
pkgs.haskellPackages.data-msgpack
A Haskell implementation of MessagePack
pkgs.python312Packages.msgpack-numpy
Numpy data type serialization using msgpack
pkgs.python313Packages.msgpack-numpy
Numpy data type serialization using msgpack
pkgs.python314Packages.msgpack-numpy
Numpy data type serialization using msgpack
pkgs.haskellPackages.data-msgpack-types
A Haskell implementation of MessagePack
pkgs.python312Packages.u-msgpack-python
Portable, lightweight MessagePack serializer and deserializer written in pure Python
pkgs.python313Packages.u-msgpack-python
Portable, lightweight MessagePack serializer and deserializer written in pure Python
pkgs.python314Packages.u-msgpack-python
Portable, lightweight MessagePack serializer and deserializer written in pure Python
Package maintainers
-
@thesn10 TheSN
-
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>