CVE-2024-6064

Name of the Vulnerable Software and Affected Versions: GPAC version 2.5-DEV-rev228-g11067ea92-master

Description: A problem was found in the function xmt node end of the file src/scene manager/loader xmt.c of the component MP4Box. The issue leads to use after free. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Recommendations: To fix this issue, apply the patch f4b3e4d2f91bc1749e7a924a8ab171af03a355a8/c1b9c794bad8f262c56f3cf690567980d96662f5. As a temporary workaround, consider disabling the xmt node end function until the patch is applied. Restrict access to the loader xmt.c file to minimize the risk of exploitation.