Nixpkgs security tracker
5.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Exploit Code Maturity (E): Proof-of-Concept (P)
- Remediation Level (RL): Official Fix (O)
- Report Confidence (RC): Confirmed (C)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
Activity log
- Created suggestion
GPAC MP4Box box_code_base.c elng_box_read out-of-bounds
A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The patch is named cf6ac48c972eaaee2af270adc3f36615325deb3e. The affected component should be upgraded.
References
-
-
-
Submit #800985 | gpac laster Memory Corruption third-party-advisory
-
-
https://github.com/gpac/gpac/ product
Affected products
- ==26.03-DEV-rev105-g8f39a1eb3-master
Matching in nixpkgs
pkgs.gpac
Open Source multimedia framework for research and academic purposes
pkgs.msgpack-c
MessagePack implementation for C
pkgs.msgpack-cxx
MessagePack implementation for C++
pkgs.gpac-unstable
Open Source multimedia framework for research and academic purposes
-
nixos-unstable 2.4.0-unstable-2026-01-30
- nixpkgs-unstable 2.4.0-unstable-2026-01-30
- nixos-unstable-small 2.4.0-unstable-2026-01-30
-
nixos-25.11 2.4.0-unstable-2025-12-23
- nixos-25.11-small 2.4.0-unstable-2025-12-23
- nixpkgs-25.11-darwin 2.4.0-unstable-2025-12-23
pkgs.msgpack-tools
Command-line tools for converting between MessagePack and JSON
pkgs.rubyPackages.msgpack
None
pkgs.phpExtensions.msgpack
PHP extension for interfacing with MessagePack
pkgs.haskellPackages.msgpack
A Haskell implementation of MessagePack
pkgs.perlPackages.MsgPackRaw
Perl bindings to the msgpack C library
pkgs.php82Extensions.msgpack
PHP extension for interfacing with MessagePack
pkgs.php83Extensions.msgpack
PHP extension for interfacing with MessagePack
pkgs.php84Extensions.msgpack
PHP extension for interfacing with MessagePack
pkgs.php85Extensions.msgpack
PHP extension for interfacing with MessagePack
pkgs.luaPackages.lua-cmsgpack
MessagePack C implementation and bindings for Lua 5.1/5.2/5.3
pkgs.perl5Packages.MsgPackRaw
Perl bindings to the msgpack C library
pkgs.rubyPackages_3_3.msgpack
None
pkgs.rubyPackages_3_4.msgpack
None
pkgs.rubyPackages_4_0.msgpack
None
pkgs.python312Packages.msgpack
MessagePack serializer implementation
pkgs.python313Packages.msgpack
MessagePack serializer implementation
pkgs.python314Packages.msgpack
MessagePack serializer implementation
pkgs.lua51Packages.lua-cmsgpack
MessagePack C implementation and bindings for Lua 5.1/5.2/5.3
pkgs.lua52Packages.lua-cmsgpack
MessagePack C implementation and bindings for Lua 5.1/5.2/5.3
pkgs.lua53Packages.lua-cmsgpack
MessagePack C implementation and bindings for Lua 5.1/5.2/5.3
pkgs.lua54Packages.lua-cmsgpack
MessagePack C implementation and bindings for Lua 5.1/5.2/5.3
pkgs.lua55Packages.lua-cmsgpack
MessagePack C implementation and bindings for Lua 5.1/5.2/5.3
pkgs.perl538Packages.MsgPackRaw
Perl bindings to the msgpack C library
pkgs.perl540Packages.MsgPackRaw
Perl bindings to the msgpack C library
pkgs.luajitPackages.lua-cmsgpack
MessagePack C implementation and bindings for Lua 5.1/5.2/5.3
pkgs.python312Packages.ormsgpack
Fast msgpack serialization library for Python derived from orjson
pkgs.python313Packages.ormsgpack
Fast msgpack serialization library for Python derived from orjson
pkgs.python314Packages.ormsgpack
Fast msgpack serialization library for Python derived from orjson
pkgs.haskellPackages.data-msgpack
A Haskell implementation of MessagePack
pkgs.python312Packages.msgpack-numpy
Numpy data type serialization using msgpack
pkgs.python313Packages.msgpack-numpy
Numpy data type serialization using msgpack
pkgs.python314Packages.msgpack-numpy
Numpy data type serialization using msgpack
pkgs.haskellPackages.data-msgpack-types
A Haskell implementation of MessagePack
pkgs.python312Packages.u-msgpack-python
Portable, lightweight MessagePack serializer and deserializer written in pure Python
pkgs.python313Packages.u-msgpack-python
Portable, lightweight MessagePack serializer and deserializer written in pure Python
pkgs.python314Packages.u-msgpack-python
Portable, lightweight MessagePack serializer and deserializer written in pure Python
Package maintainers
-
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
-
@thesn10 TheSN
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@deejayem David Morgan <nixpkgs.bu5hq@simplelogin.com>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@aanderse Aaron Andersen <aaron@fosslib.net>
-
@piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
-
@ostrolucky Gabriel Ostrolucký <gabriel.ostrolucky@gmail.com>
-
@talyz Kim Lindberger <kim.lindberger@gmail.com>
-
@sarahec Sarah Clark <seclark@nextquestion.net>
-
@aborsu Augustin Borsu <a.borsu@gmail.com>