CVE-2026-9572

Description

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The name of the patch is e79c5cbe8b3fed27f4854ec229457d30c96206f1. It is best practice to apply a patch to resolve this issue.

CVSS v3.1 Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS — Exploit Prediction

0.0001

Probability of exploitation

0.02%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-401 CWE-401

CWE-404 CWE-404

References

Other References

https://github.com/gpac/gpac/ https://github.com/gpac/gpac/commit/e79c5cbe8b3fed27f4854ec229457d30c96206f1 https://github.com/gpac/gpac/issues/3557 https://github.com/user-attachments/files/27270415/poc.zip https://vuldb.com/submit/817137 https://vuldb.com/vuln/365631 https://vuldb.com/vuln/365631/cti

Frequently Asked Questions

What is CVE-2026-9572? +

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The name of the patch is e79c5cbe8b3fed27f4854ec229457d30c96206f1. It is best practice to apply a patch to resolve this issue. It has a CVSS v3.1 base score of 3.3 (LOW).

How severe is CVE-2026-9572? +

CVE-2026-9572 has a CVSS v3.1 score of 3.3 out of 10, rated LOW. This is a low-severity vulnerability with limited impact. The EPSS score is 0.0001, placing it in the 0th percentile for exploitation probability.

How do I check if I'm vulnerable to CVE-2026-9572? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-44660

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, …

CVE-2024-25450 8.8

imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().

CVE-2025-20133 8.6

A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall …

CVE-2025-20239 8.6

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall …

CVE-2024-20304 8.6

A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote …

CVE-2025-29828 8.1

Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a …