TuxJam 131 – AliBazBaz is out, with Dave MIA, @mralc, @mcnalu and @kevie take up the reigns and look at the #gaming distro Bazzite and #Android dashcam application Alibi. #TuxJamHalfCut gets announced on the show for the first time and there is also the usual mix of #ccmusic https://tuxjam.otherside.network/tuxjam-131-alibazbaz/
#TuxJam #linux #Podcast #bazzite

After reading @rl_dane's post, I wanted to share how I manage my #bookmarks, and add some quick #notes using #neovim.

#editors #vi #vim #shell #fediverse #bsd #linux
https://lazybea.rs/ils-bookmarks-and-notes

If someone asked me to describe the Unix philosophy in the modern era, I'd say: build small tools that do one thing well, make them work together through open standards, automate repetitive tasks, keep systems transparent, and empower users rather than lock them into platforms. The tools may have changed, but simplicity, composability, and freedom remain timeless.
#linux
#unix
#gnu
#freebsd
#openbsd
#netbsd

⋅ Fedora Is Building a Web-Based Remote Installer for Headless Systems

Fedora is working on a browser-based remote installation for Anaconda, targeting headless systems, ARM boards, and network installs.

− https://linuxiac.com/fedora-is-building-a-web-based-remote-installer-for-headless-systems/

#Fedora #Gnu #Linux

    Workspace 1
    Workspace 2
    Workspace 3

    Firefox            -> Tag 1 (Web Browsing)
    st (nvi/dev)       -> Tag 2 (Code/Scripts)
    st (Monitor/Logs)  -> Tag 1 + Tag 2 (Persistent)

#suckless #dwm #unix #linux #sysadmin

For a decade I carried two iPhones: one personal, one for work. Neither ever felt at home in my Linux and BSD world.

Now it's a single Fairphone Gen6. Repairable with a screwdriver, 8 years of updates, separate work and personal profiles on one device, and it actually talks to my KDE desktop over KDE Connect.

Immich, Nextcloud, K-9 Mail, Tusky, KeePassDX, and finally GPG mail in my pocket. The camera is meh. Everything else is a clear win.

https://blog.hofstede.it/leaving-the-apple-ecosystem-one-fairphone-instead-of-two-iphones/

#Fairphone #Android #FOSS #Linux #FDroid

I love that feeling you get when you finish tuning your Linux desktop box with everything optimized and "just so" and nothing left to mess with or install. Colours, wallpaper, apps, hardware acceleration, menus, widgets/plasmoids, filesystems backed up, etc.

Oh, that's just me?

Never mind. Carry on.

#Linux #AlpineLinux

Step 1: Open terminal
Step 2: Type `alias nano='vim -c "smile"'`
Step 3: Enjoy this whenever someone type `nano`!

#SysAdmin #Linux #FreeBSD

Alt...

This screenshot shows green ASCII art of the Vim ester eggs on a dark retro terminal screen, with the "Press ENTER or type command to continue" prompt displayed at the bottom when you type nano at the cli via bash alias: alias nano='vim -c "smile"'

#Mozilla #Thunderbird 152 Email Client Updates GMail OAuth to Use PKCE https://9to5linux.com/mozilla-thunderbird-152-email-client-updates-gmail-oauth-to-use-pkce

#OpenSource #FreeSoftware #Linux

Alt...

A screenshot of Mozilla Thunderbird 152 showing the main window and the About Mozilla Thunderbird dialog.

Security Advisory: CVE-2025-70102 - NULL Pointer Dereference in dhcpcd parse_option

Summary
A crafted dhcpcd configuration input can trigger undefined behavior in the configuration parser by causing `parse_option()` to access a member through a NULL `struct dhcp_opt` pointer.

The issue is located in `src/if-options.c` in `parse_option()`. During parsing of malformed or unexpected option data, the lookup/parsing path can leave the local DHCP option pointer unset. The affected code then assumes the option pointer is valid and accesses embedded option metadata through it, which results in a NULL pointer member access at `src/if-options.c:1886`.

CWE:
CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Affected Component:
```
src/if-options.c:1886
Function: parse_option()
```

Affected Product:
dhcpcd

Affected Version:
The issue was reproduced against dhcpcd commit:
```
2de751b3691642151a4fdc49e444d6b4dc364e98
```

Attack Conditions:
An attacker must cause dhcpcd to process a crafted configuration input that reaches the vulnerable option parsing path. The issue was reproduced in an instrumented fuzzing build of the dhcpcd configuration reader.

Impact:
The vulnerability causes undefined behavior and process termination under the sanitizer build, resulting in Denial of Service. No evidence of arbitrary code execution was observed in the local crash data.

Fix:
The issue was fixed in dhcpcd commit:
```
117742d755b591764036dd4218f314f748a3d2b7
```
The fix ensures that the pointed-to local DHCP option entry is non-NULL before it is dereferenced. Users should update to a dhcpcd build containing this commit or later.

References:
- Issue: https://github.com/NetworkConfiguration/dhcpcd/issues/567
- Fix: https://github.com/NetworkConfiguration/dhcpcd/commit/117742d755b591764036dd4218f314f748a3d2b7
- PoC: https://github.com/sigdevel/pocs/blob/main/res/dhcpcd/1/if-options_c_1886/if-options_c_1886

Credits:
Alexander A. Shvedov (@sigdevel)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #dhcp #net #dhcpcd

Security Advisory: CVE-2025-55663 - NULL Pointer Dereference in GPAC MP4Box Track Descriptor Handling

Summary:
Processing a crafted MP4 file containing an unsupported box type with `MP4Box` can trigger a NULL or invalid pointer dereference in `Track_SetStreamDescriptor()`, causing a Denial of Service.

The `Track_SetStreamDescriptor()` function in `isomedia/track.c` mishandles sample entry pointers when importing malformed MP4 files containing an unknown `svcC` box inside an `av01` parent box. The unsupported box path can leave the relevant sample entry pointer uninitialized or invalid, and the import/update path later dereferences it.

AddressSanitizer reports a `SEGV` caused by a `READ` memory access at `isomedia/track.c:1677`.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
isomedia/track.c:1677
Function: Track_SetStreamDescriptor()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
15a4ac2dff38cdbb8b43e7c84fb1595ee80d81ac
```

Attack Conditions:
An attacker supplies a crafted MP4 file containing an unsupported `svcC` box inside an `av01` parent box. The issue can be reproduced locally with:
```
./MP4Box -add 8_poc.mp4 -new /dev/null -ab 1024
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.

Impact:
The immediate observed impact is Denial of Service due to process termination. The local MITRE data notes potential code execution risk; the observed trace shows an invalid read and segmentation fault.

Fix:
The issue was fixed in GPAC commit:
```
78c2c9be29a41b38eca2c53d280442088a71dab9
```

Users should update to a GPAC build containing this commit or later. The affected code should validate sample entry pointers and unsupported box handling before changing stream descriptors or importing media configuration.

References
- Issue: https://github.com/gpac/gpac/issues/3143
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/8/8_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/78c2c9be29a41b38eca2c53d280442088a71dab9

Credits
Alexander A. Shvedov (@sigdevel)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

CVE-2025-55661 - Heap Buffer Overflow in GPAC MP4Box Opus Header Parser

Summary:
Processing a crafted MP4 file containing malformed Opus audio packets with MP4Box can trigger a heap buffer overflow in `gf_opus_parse_packet_header()`, causing a crash and possible information disclosure from an out-of-bounds heap read.

The `gf_opus_parse_packet_header()` function in `media_tools/av_parsers.c` does not sufficiently validate the input buffer size before reading Opus packet header fields. When MP4Box parses crafted Opus audio packet data, the parser reads one byte beyond the end of a heap-allocated sample buffer.

AddressSanitizer reports a heap-buffer-overflow at `media_tools/av_parsers.c:11326`, with a `READ of size 1` immediately after a 3-byte heap region allocated by `Media_GetSample()`.

Affected Component:
`media_tools/av_parsers.c:11326`

Function: `gf_opus_parse_packet_header()`

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
GPAC MP4Box v2.4
The issue was reproduced on a GPAC build at commit `ff8249a407685d00ceb5f4d2a798b9cad195140e`.

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed Opus audio packet data, such as an invalid TOC code 3 length. The issue can be reproduced with:
```
./MP4Box 9_poc.mp4 -dxml -out /dev/null
```
No elevated privileges are required. The attack is context-dependent because attacker-controlled media may be processed by MP4Box in automated workflows; manual processing also triggers the issue.

Impact:
The observed impact is denial of service due to process termination. Because the bug reads beyond a heap allocation, adjacent heap memory disclosure may also be possible.

CWE:
CWE-122 - Heap-based Buffer Overflow

Fix:
The issue was fixed in GPAC commit `d523e7190ccdcf2c13a698080f4f30dc933bd34c`.

Users should update to a GPAC build containing this commit or later. The affected Opus parser should validate the sample buffer length before reading TOC and packet header fields.

References:
- Issue: https://github.com/gpac/gpac/issues/3160
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/9/9_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/d523e7190ccdcf2c13a698080f4f30dc933bd34c

Credits:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55660 - Stack-based Buffer Overflow in GPAC MP4Box Opus Parser

Summary:
Processing a crafted MP4 file containing malformed Opus audio packets with `MP4Box` can trigger a stack-based buffer overflow in `gf_opus_read_length()`, causing a crash and potential memory corruption.

The `gf_opus_read_length()` function in `media_tools/av_parsers.c` does not sufficiently validate Opus packet sizes before writing packet length information. When MP4Box parses a crafted MP4 file containing malformed non-self-delimited Opus packet data, the parser can write two bytes beyond the bounds of a stack object used by the Opus inspection path.

AddressSanitizer reports a `stack-buffer-overflow` at `media_tools/av_parsers.c:11140`, with a `WRITE of size 2` overflowing the `pckh` stack object in `gf_inspect_dump_opus_internal()`.

CWE:
CWE-121 - Stack-based Buffer Overflow

Affected Component:
```
media_tools/av_parsers.c:11140
Function: gf_opus_read_length()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
ff8249a407685d00ceb5f4d2a798b9cad195140e
```

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed Opus audio packets, such as a non-self-delimited Opus packet with an invalid odd length. The issue can be reproduced locally with:
```
./MP4Box -add 7_poc.mp4 -dxml -out /dev/null
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.

Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a stack-based buffer overflow with attacker-controlled media input, memory corruption and potential arbitrary code execution cannot be ruled out.

Fix:
The issue was fixed in GPAC commit:
```
d523e7190ccdcf2c13a698080f4f30dc933bd34c
```

Users should update to a GPAC build containing this commit or later. The affected Opus parsing code should validate packet sizes and frame-length constraints before writing length fields into packet header structures.

References:
- Issue: https://github.com/gpac/gpac/issues/3161
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/7/7_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/d523e7190ccdcf2c13a698080f4f30dc933bd34c

Credits:
Alexander A. Shvedov (@sigdevel)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55652 - Heap Buffer Overflow in GPAC MP4Box VP Configuration Handling

Processing a crafted MP4 file with malformed VP codec configuration data can trigger a heap buffer overflow in `gf_isom_vp_config_new()`, causing a crash and potential memory corruption.

Summary:
The `gf_isom_vp_config_new()` function in `isomedia/avc_ext.c` does not sufficiently validate buffer boundaries when creating VP codec configuration boxes. A crafted MP4 file with malformed VP codec data, including unknown box types such as `D0ncv` in `stsd`, can cause MP4Box to allocate an undersized box structure and then write VP/NALU configuration data beyond the allocation.

CWE:
CWE-122 - Heap-based Buffer Overflow

Affected Component:
```
isomedia/avc_ext.c:1962
Function: gf_isom_vp_config_new()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
74fecde32cd477ab097f3e6db55a32b259f3313d
```
Builds before the fix commit `ad3b541b4f38c8f0ef67544509598f8207ea1207` should be considered affected if they contain the vulnerable VP configuration allocation/write path.

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed VP codec configuration data. The issue can be reproduced locally with:
```
./MP4Box -dash 10000 ./18_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.

Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is an out-of-bounds heap write, memory corruption and potential arbitrary code execution cannot be ruled out.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
ad3b541b4f38c8f0ef67544509598f8207ea1207
```

References:
- Issue: https://github.com/gpac/gpac/issues/3242
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/18/18_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/ad3b541b4f38c8f0ef67544509598f8207ea1207

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

CVE-2025-55650 - Heap Use-After-Free in GPAC MP4Box SVG Node Handling

Summary
Processing a crafted MP4 file with `MP4Box -svg` can trigger a heap use-after-free in `gf_svg_node_del()`, causing a crash and possible memory corruption.

The `gf_svg_node_del()` function in `scenegraph/svg_types.c` does not ensure that freed SVG node memory is not accessed again during scene graph cleanup. When MP4Box parses a crafted MP4 file through the MPEG-4 LASeR/SVG scene dump path, an SVG node is freed and then dereferenced again.

AddressSanitizer reports a heap-use-after-free at `scenegraph/svg_types.c:107`, with a `READ of size 8` from a 24-byte heap region that was previously freed in `gf_svg_node_del()` at `scenegraph/svg_types.c:126` and allocated by `gf_svg_create_node()` at `scenegraph/svg_types.c:65`.

Affected Component
`scenegraph/svg_types.c:107`

Function: `gf_svg_node_del()`

Affected Product
MP4Box (GPAC Multimedia Open Source Project)

Affected Version
GPAC MP4Box v2.4.

The issue was reproduced on a GPAC build at commit `46be5f928660530d5332cd2f1d177208737558ef`.

Attack Conditions
An attacker supplies a crafted MP4 file that reaches the SVG/LASeR scene parsing path. The issue can be reproduced with:

```
./MP4Box -svg 10_poc.mp4
```

No elevated privileges are required. User interaction is required when a victim manually processes the malicious MP4 file; automated workflows that invoke MP4Box on attacker-controlled media may also trigger the issue.

Impact
The observed impact is denial of service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution cannot be ruled out.

CWE
CWE-416 - Use After Free

Fix
The issue was fixed in GPAC commit `6be6f62e2a079ebccf3a9e57c27787fd16e645de`.

Users should update to a GPAC build containing this commit or later. The affected scene graph cleanup code should prevent use of freed SVG nodes and ensure node lifetime and registration state are handled consistently during scene reset and deletion.

References
- Issue: https://github.com/gpac/gpac/issues/3162
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/10/10_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/6be6f62e2a079ebccf3a9e57c27787fd16e645de

Credits
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55649 - NULL Pointer Dereference in GPAC MP4Box ESD Mapping

Processing a crafted MP4 file with corrupted Elementary Stream Descriptor data can trigger a NULL pointer dereference in `gf_media_map_esd()`, causing a Denial of Service.

Summary:
The `gf_media_map_esd()` function in `media_tools/isom_tools.c` does not verify that `esd->URLString` is non-NULL before passing it to `strlen()`. When MP4Box processes a crafted MP4 file containing corrupted ESD data during fragmentation setup, `URLString` can be NULL and the process crashes while reading from address `0x000000000000`.

AddressSanitizer reports a `SEGV` in `strlen()`, with the GPAC call site at `media_tools/isom_tools.c:1359`.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
media_tools/isom_tools.c:1359
Function: gf_media_map_esd()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
09e7063ed0a13b4cee9a180a56dcc21e9f9ade07
```

Attack Conditions:
An attacker supplies a crafted MP4 file containing corrupted ESD data. The issue can be reproduced locally with:
```
./MP4Box -frag 1500 11_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.

Impact:
The immediate observed impact is Denial of Service due to process termination. The crash is a NULL pointer dereference on the zero page; no evidence of arbitrary code execution was observed.

Fix / mitigation status:
The local CVE/MITRE data references GPAC fix commit:
```
10c16d54659b1b82dd49573dfeacfa9a5627a115
```
Users should update to a GPAC build containing this commit or later. The affected code should validate `esd`, `esd->URLString`, and related ESD fields before string operations.

References:
- Issue: https://github.com/gpac/gpac/issues/3183
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/11/11_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/10c16d54659b1b82dd49573dfeacfa9a5627a115

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55648 - Heap Buffer Overflow in GPAC MP4Box Opus Packet Parser

Processing a crafted MP4 file containing corrupted Opus sample-size data with `MP4Box` can trigger a heap buffer overflow in `gf_opus_parse_packet_header()`, causing a crash and potential memory corruption impact.

Summary:
The `gf_opus_parse_packet_header()` function in `media_tools/av_parsers.c` does not sufficiently validate the input buffer length before parsing Opus packet headers. When MP4Box processes a crafted MP4 file with corrupted sample-size (`stsz`) data, the parser reads beyond the bounds of a heap-allocated sample buffer.
AddressSanitizer reports a `heap-buffer-overflow` at `media_tools/av_parsers.c:11297`, with a `READ of size 1` 1242 bytes past a 32-byte heap region allocated by `Media_GetSample()`.

CWE:
CWE-122 - Heap-based Buffer Overflow

Affected Component:
```
media_tools/av_parsers.c:11297
Function: gf_opus_parse_packet_header()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
61bbfd2e89553373ba3449b8ec05b5f098d732a5
```

Attack Conditions:
An attacker supplies a crafted MP4 file containing corrupted Opus sample-size (`stsz`) data. The issue can be reproduced locally with:
```
./MP4Box 12_poc.mp4 -dxml
```
No elevated privileges are required. The CVE text describes the attack as network/context-dependent because attacker-controlled media may be processed by MP4Box in automated workflows; manual processing also triggers the issue.

Impact:
The immediate observed impact is Denial of Service due to process termination. Because the bug reads beyond a heap allocation, information disclosure may be possible. The local MITRE data also notes potential arbitrary code execution risk, though the observed ASAN trace is an out-of-bounds read.

Fix / mitigation status:
The local CVE/MITRE data references GPAC fix commit:
```
cea49f684dbc4d53ecd6c76a9623838802a68d88
```

Users should update to a GPAC build containing this commit or later. The affected Opus parser should validate sample buffer length and `stsz`-derived packet sizes before reading packet header fields.

References:
- Issue: https://github.com/gpac/gpac/issues/3190
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/12/12_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/cea49f684dbc4d53ecd6c76a9623838802a68d88

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55647 - Integer Overflow in GPAC MP4Box PSSH Handling

Processing a crafted MP4 file with malformed Protection System Specific Header (PSSH) data can trigger an integer overflow and uncontrolled allocation in `mp4_mux_cenc_insert_pssh()`, causing Denial of Service through memory exhaustion.

Summary:
The `mp4_mux_cenc_insert_pssh()` function in `filters/mux_isom.c` does not sufficiently validate PSSH sizes before allocating memory. A crafted MP4 file can set PSSH-related fields such as `kid_count` or `dataSize` to very large values. This can overflow the buffer size calculation and cause MP4Box to attempt a very large allocation during DASH/mux processing.

AddressSanitizer reports an out-of-memory condition at `filters/mux_isom.c:4326`, where `realloc()` attempts to allocate `0xe40000100` bytes.

CWE:
CWE-190 - Integer Overflow or Wraparound

Affected Component:
```
filters/mux_isom.c:4326
Function: mp4_mux_cenc_insert_pssh()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
e95f3064d846e4606276fff111e0f97df1576a04
```
Builds before the fix commit `2a1f638534cddf511a7ba06618bff9d587141792` should be considered affected if they contain the vulnerable PSSH allocation path.

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed PSSH/CENC metadata. The issue can be reproduced locally with:
```
./MP4Box -dash 10000 ./15_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.

Impact:
The immediate observed impact is Denial of Service due to memory exhaustion and process termination. Because the root cause is an integer overflow in allocation-size calculation, memory corruption and potential arbitrary code execution cannot be ruled out.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
2a1f638534cddf511a7ba06618bff9d587141792
```

References:
- Issue: https://github.com/gpac/gpac/issues/3235
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/15/15_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/2a1f638534cddf511a7ba06618bff9d587141792
- Related fix/reference: https://github.com/gpac/gpac/commit/3111995

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55644 - Use-After-Free in GPAC MP4Box

Processing a crafted MP4 file with invalid BIFS GlobalQuantizer commands causes gf_node_get_tag() to access a freed 192-byte QuantizationParameter node at scenegraph/base_scenegraph.c:1263, resulting in a heap use-after-free and crash.

Summary:
During MPEG-4 BIFS scene decoding, BM_ParseGlobalQuantizer() in bifs/memory_decoder.c first calls gf_node_unregister() at line 176 to release a QuantizationParameter node, freeing the 192-byte heap region. Without clearing the stale pointer, the function then calls gf_node_get_tag() on the same address at line 181, performing a READ of 8 bytes at offset 0 into the freed region. A crafted MP4 containing invalid GlobalQuantizer BIFS commands, corrupted ODF descriptors, and malformed box types (PEC1808, fre) reliably triggers this free-then-use sequence through the -svg dump path.

CWE:
CWE-416 - Use After Free

Affected Component:
```
scenegraph/base_scenegraph.c:1263
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box 2.4 and earlier; tested at commit f5b7cdc63a7f3269040778c5431a8f6c310bc9f3

Attack Conditions:
An attacker supplies a locally accessible crafted MP4 file embedding invalid BIFS scene data. The victim runs MP4Box -svg on the file to trigger BIFS scene parsing. No elevated privileges are required.

Impact:
The use-after-free causes a fatal crash (Denial of Service). Use-after-free vulnerabilities can allow attackers to control freed heap memory contents and potentially redirect execution flow; code execution cannot be excluded.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
63eccc33d4a2b731ebb31581ff5673a2c0b13ad4
```
Users should update to a GPAC build containing this commit or later.

References:
- Issue: https://github.com/gpac/gpac/issues/3246
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/20/20_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/63eccc33d4a2b731ebb31581ff5673a2c0b13ad4

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55645 - Heap Buffer Overflow in GPAC MP4Box PSSH Copy

Processing a crafted MP4 file with malformed PSSH data can trigger a heap buffer overflow in `gf_cenc_set_pssh()`, causing a crash and potential memory disclosure or memory corruption impact.

Summary:
The `gf_cenc_set_pssh()` function in `isomedia/drm_sample.c` does not sufficiently validate the size of PSSH data before copying it into a heap buffer. A crafted MP4 file can declare an oversized PSSH payload, causing MP4Box to copy a very large amount of data from a 512-byte heap allocation during DASH/CENC processing.

CWE:
CWE-120 - Buffer Copy without Checking Size of Input

Affected Component:
```
isomedia/drm_sample.c:982
Function: gf_cenc_set_pssh()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The local MITRE workbook also lists `2.5-DEV-rev228-g11067ea92-master` as affected. The issue was reproduced on a GPAC build at commit:

```
e95f3064d846e4606276fff111e0f97df1576a04
```

Builds before the fix commit `df0c81722847238659a6beb0feab2c1ecd05c020` should be considered affected if they contain the vulnerable PSSH copy path.

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed PSSH/CENC metadata with an oversized declared payload. The issue can be reproduced locally with:

```
./MP4Box -dash 10000 ./16_poc.mp4
```

No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.

Impact:
The immediate observed impact is Denial of Service due to process termination. Because the bug performs an oversized heap read during `memcpy()`, information disclosure may be possible. Memory corruption and potential arbitrary code execution cannot be ruled out.

Fix / mitigation status:
The issue was fixed in GPAC commit:

```
df0c81722847238659a6beb0feab2c1ecd05c020
```

Users should update to a GPAC build containing this commit or later. The affected code should validate PSSH payload sizes and destination buffer capacity before copying PSSH data.

References:
- Issue: https://github.com/gpac/gpac/issues/3236
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/16/16_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/df0c81722847238659a6beb0feab2c1ecd05c020

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

@funkylab

For #FreeBSD (on that same box), I found a shell script that uses sysctl to get the ACPI name for the battery, and runs acpi_call from ports to set the thresholds, which survives a reboot.
On #OpenBSD, I believe you set the thresholds directly through sysctl.
On #Linux, you set it with something like echo 80 > /sys/class/power_supply/BAT0/charge_stop_threshold

Security Advisory: CVE-2025-55643 - NULL Pointer Dereference in GPAC MP4Box TrackWriter Handling

Processing a crafted MP4 file during DASH segmentation can trigger a NULL pointer dereference in MP4Box TrackWriter handling, causing a Denial of Service.

Summary:
The DASH fragmentation path in `filters/mux_isom.c` does not sufficiently validate a `TrackWriter` pointer before accessing its members. A crafted MP4 file with malformed metadata boxes can cause the PID-to-track setup to fail, leaving the `TrackWriter` pointer NULL. The muxer then performs member access through the NULL pointer.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
filters/mux_isom.c:6621
Function/path: TrackWriter handling during fragmented MP4 muxing
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE data. The issue was reproduced on a GPAC build at commit:
```
74fecde32cd477ab097f3e6db55a32b259f3313d
```
Builds before the fix commit `ad3b541b4f38c8f0ef67544509598f8207ea1207` should be considered affected if they contain the vulnerable TrackWriter handling path.

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed metadata boxes, including malformed `mvcC` / `stsz` data. The issue can be reproduced locally with:
```
./MP4Box -dash 10000 ./17_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.

Impact:
The immediate observed impact is Denial of Service due to process termination. No evidence of arbitrary code execution was observed.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
ad3b541b4f38c8f0ef67544509598f8207ea1207
```
Users should update to a GPAC build containing this commit or later. The affected muxing path should validate `TrackWriter` before member access and fail cleanly when track initialization fails.

References:
- Issue: https://github.com/gpac/gpac/issues/3240
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/17/17_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/ad3b541b4f38c8f0ef67544509598f8207ea1207

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55642 - Divide by Zero in GPAC MP4Box AVI Demuxer

Processing a crafted AVI-like media file with `MP4Box` can trigger a division by zero in `avidmx_process()`, causing a floating-point exception and Denial of Service.

Summary:
The `avidmx_process()` function in `filters/dmx_avi.c` does not sufficiently validate frame-count metadata before using it as a divisor during bitrate computation. When MP4Box processes a specially crafted input with invalid AVI frame metadata, such as a `0/256` frame declaration, the DASH processing path attempts to compute bitrate from the bitstream and divides by zero.
AddressSanitizer reports an `FPE` at `filters/dmx_avi.c:639`.

CWE:
CWE-369 - Divide by Zero

Affected Component:
```
filters/dmx_avi.c:639
Function: avidmx_process()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
GPAC MP4Box v2.4 is affected according to the CVE request data. The issue was reproduced on a GPAC build at commit:
```
f87b30611380e4dcd03cd4dd9ac553c0ec336826
```

Builds before the fix commit `cea49f684dbc4d53ecd6c76a9623838802a68d88` should be considered affected if they contain the vulnerable AVI demuxer bitrate computation path.

Attack Conditions:
An attacker supplies a crafted AVI-like media file with invalid frame metadata. The issue is triggered while processing the file through MP4Box DASH segmentation, for example with a `-dash` command using `14_poc.mp4`.
No elevated privileges are required. User interaction is required when the victim manually processes the malicious media file, or an automated workflow invokes MP4Box on attacker-controlled input.

Impact:
The immediate observed impact is Denial of Service due to an uncaught floating-point exception and process termination. No evidence of arbitrary code execution was observed.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
cea49f684dbc4d53ecd6c76a9623838802a68d88
```
Users should update to a GPAC build containing this commit or later. The affected code should validate `num_frames` and related AVI metadata before using frame counts in bitrate calculations.

References:
- Issue: https://github.com/gpac/gpac/issues/3196
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/14/14_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/cea49f684dbc4d53ecd6c76a9623838802a68d88

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55641 - NULL Pointer Dereference in GPAC MP4Box Sample Info Copy

Processing a crafted MP4 file with corrupted Sample Auxiliary Information metadata can trigger a NULL pointer dereference in `gf_isom_copy_sample_info()`, causing a Denial of Service and potential memory corruption impact.

Summary:
The `gf_isom_copy_sample_info()` function in `isomedia/isom_write.c` does not sufficiently validate pointers after handling invalid Sample Auxiliary Information (SAI) metadata. A crafted MP4 file can provide corrupted SAI values, such as an invalid `sai_samples` count, causing memory allocation or merge handling to fail. The import path later attempts to copy sample information from a NULL pointer.

AddressSanitizer reports a `SEGV` caused by a `READ` memory access at address `0x000000000000`, with the crash occurring at `isomedia/isom_write.c:8164`.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
isomedia/isom_write.c:8164
Function: gf_isom_copy_sample_info()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
f87b30611380e4dcd03cd4dd9ac553c0ec336826
```

Attack Conditions:
An attacker supplies a crafted MP4 file containing corrupted SAI metadata. The issue can be reproduced locally with:
```
./MP4Box -add 13_poc.mp4 -new /dev/null -split-size 500
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.

Impact:
The immediate observed impact is Denial of Service due to process termination. The local CVE/MITRE data also marks potential code execution impact; the observed ASAN trace is a NULL pointer read.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
e38d24b7e3cbdc24e70f0437bf390ac3f2080b52
```
Users should update to a GPAC build containing this commit or later. The affected code should validate SAI metadata, allocation results, and sample-info pointers before copying sample information.

References:
- Issue: https://github.com/gpac/gpac/issues/3195
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/13/13_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/e38d24b7e3cbdc24e70f0437bf390ac3f2080b52

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Mozilla Firefox 152 porta nuove funzioni per produttività, personalizzazione e compatibilità web. Scopri tutte le novità del browser open source più famoso del web. #Firefox #Mozilla #Linux #OpenSource #Browser

https://www.linuxeasy.org/mozilla-firefox-152-disponibile-al-download-tutte-le-novita-della-nuova-versione/?utm_source=mastodon&utm_medium=jetpack_social

Quel programme sous #Linux pour vérifier le #Checksum #SHA1 d'un important (3Go) téléchargement ?
J'ai fait ça il y a qq années et ça reste dans mon souvenir comme très compliqué.
Merci d'avance.
#DemandeDaide #Help

#Firefox 152 Is Now Available for Download with Experimental JPEG XL Support and Revamped Settings, Here’s What’s New https://9to5linux.com/mozilla-firefox-152-is-now-available-for-download-heres-whats-new

#OpenSource #FreeSoftware #Linux

Alt...

A screenshot of Firefox 152 showing the main window while browsing the 9to5linux.com website and the About Mozilla Firefox dialog.

"Linux terminal for beginners"

#gnu #linux #gnulinux #cat #head #tail #humor

Alt...

linux terminal for beginners, a cat image with some refs: head, tail an cat.

So far for June's carnival, I got only ... @rl_dane 😔

Any #vim #neovim user that would like to write about it?

#opensource #linux #CLI #Shell #editors #mastodon #fediverse #bsd #programming #terminal

5 Easy Steps To Crop An Image in Inkscape

Step-by-step instructions on how to use Inkscape to crop an image whether you are a beginner or advanced user.

https://www.adamsdesk.com/posts/inkscape-crop-image/

#blog #inkscape #linux #windows #macOS #100DaysToOffload

Alt...

An elegant serif title of 'Inkscape Crop Images' stands next to a Inkscape logo shape cropped out of a blue coloured mountain landscape.

Sure everyone knows you can compile a .c file into a .so library

TIL you can compile a .so library back into a .c file

🤯

#programming #Linux

Alt...

Two gcc commands, one compiling autofile/_move.c into autofile/_move.so, immediately followed by one compiling autofile/_move.so into autofile/_move.c. The second command is shown to complete successfully (with code 0).

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟲/𝟬𝟲/𝟭𝟱 (Valuable News - 2026/06/15) available.

https://vermaden.wordpress.com/2026/06/15/valuable-news-2026-06-15/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟲/𝟬𝟲/𝟭𝟱 (Valuable News - 2026/06/15) available.

https://vermaden.wordpress.com/2026/06/15/valuable-news-2026-06-15/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

The periodic between 1960s and 1990s was the Cambrian Explosion of #CPU architecture and #OS.

A single manufacturer, DEC, alone, had RSTS, TOPS-10, TOPS-20, RSX-11, VMS, Ultrix, OSF/1, and several other OSs I no longer recall. And DEC had a slew of different CPU architectures, and they each ran many other OSs made by various software companies. Also, there were loads of other hardware makers, large and small, each with a flock of different CPUs and a gaggle of different OSs.

In those days, we bitterly protested against this excess of “diversity”, on the grounds of software incompatibility, development impedance, and investment cost.

Finally, we now have that much-vaunted “uniformity” we always desired: Slackware Linux, Debian Linux, Fedora Linux, SUSE Linux, Gentoo Linux, Ubuntu Linux, Arch Linux, NixOS Linux, SELinux, …, @$&*#Linux, and they all run on the #x86.

😞 #progress 😖

The security situation with the Arch Linux AUR got a lot worse https://www.gamingonlinux.com/2026/06/the-security-situation-with-the-arch-linux-aur-got-a-lot-worse/

#Linux #ArchLinux #Security

Yep well, it's as I thought. Checking the source code I found that acpi_ibm only accepts a small subset of thinkpad events, and MICMUTE isn't one of them, contrary to Linux's thinkpad_acpi which accepts a far larger set (All?) including MICMUTE.

FYI, acpi_ibm accepts just these keyboard events:

LCD_BACKLIGHT
SUSPEND_TO_RAM
BLUETOOTH
SCREEN_EXPAND
SUSPEND_TO_DISK
BRIGHTNESS_UP
BRIGHTNESS_DOWN
THINKLIGHT
ZOOM
VOLUME_UP
VOLUME_DOWN
MUTE
ACCESS_IBM_BUTTON

Just finished a PoC if i could bootstrap pkgsrc on my self-assembled minimal docker container.

Ingredients: skarnet-musl-toolchain. busybox-static, toybox-static, gawk, gsed, gtar, gmake, libz, libexpat, libxcrypt, libbsd, libmd, musl-{bsdcompat,fts,obstack,rpmatch}, and finally pkgsrc from netbsd.

after a few ins and outs, and learning the ropes, bootstrapping worked flawlessly.

shout out for the developers for their good work!

#docker #toybox #busybox #LFS #LFN #pkgsrc #linux #musl

Got my hands on an old Mac Mini 6,1 from 2012. First time ever attempted to install #Linux on #Apple hardware… Vanilla #Debian, everything, including wifi when selecting proprietary firmware… #Xfce just being so much faster than the latest MacOS update that machine received. Blown away.

🚀 #Gitte 0.7.0 is out!

- Visual commit graph with color-coded per-branch colors
- Greatly overhauled layout
- Rename detection in diffs
- Drop multiple commits at once
- Show word-based diffs more often
- Toggle recursing into untracked directories
- Shortcut (Ctrl+D) to switch between staged & unstaged

Plus many performance improvements & lots of fixes.

Flathub: https://flathub.org/apps/de.wwwtech.gitte
macOS: https://gitlab.com/dehesselle/gitte_macos/-/releases/v0.7.0+36
Repo: https://codeberg.org/ckruse/Gitte

#git #gnome #linux #macos

Alt...

Git GUI in a three-pane layout showing a visual commit graph with branches and tags, a selected release commit, and a detailed diff view of the file changes introduced by that commit

Alt...

Git GUI showing a repository changes view with modified and new files, branch and tag navigation, and a side-by-side diff editor highlighting staged changes in a Markdown documentation file

Idle power usage of my desktop on linux is significantly lower than on windows

https://www.reddit.com/r/linux/comments/1u4lnm4/idle_power_usage_of_my_desktop_on_linux_is/

Is anyone surprised by this? #linux

RE: https://floss.social/@VolkerKrause/116741489331797800

"… Regardless of how this will eventually materialize, the direction is clear, Android isn’t going to be a viable long-term platform for FOSS software, not even in its Google-free form. I have mostly considered it a stop-gap solution until Linux on the phone is ready anyway, so this is another reason to increase the effort into that direction."

https://volkerkrause.eu/2026/06/13/kde-android-news-june-2026.html#outlook

#Linux #Google #Android #KDE #FOSS

cc @lproven

I distro-hopped to openSUSE Tumbleweed and I'm liking it so far.

#linux #openSUSE

❄️ Nix Flakes and their Guix Equivalents

https://coopi.neocities.org/posts/nix-flakes-vs-guix

#guix #gnuguix #linux #opensource

TuxJam 130 – Office Therapy is out. @mralc, @mcnalu, @thelovebug and @kevie take a look at the Collabora Office Suite and RawTherapee. They also talk about their recent trip to #Oggcamp in Manchester. Along with the usual mix of #ccmusic https://tuxjam.otherside.network/tuxjam-130-office-therapy/

#TuxJam #podcast #Linux

Active AUR malicious packages incident

https://archlinux.org/news/active-aur-malicious-packages-incident/

#ArchLinux #Linux

Is it a good thing or a bad thing that I haven neither pacman -Syu nor yay -Syu my Arch (btw) setup since... checks notes... 2021? (Yes, it's this out-of-date; actually, I did update specific packages such as librewolf using makepkg -si twice this year, but I didn't update anything else, let alone updating the repositories).

Thinking on the bright side, I wasn't affected by the xz thing, for example.

When... If... I get a new machine, and/or a new spinning HDD for my laptop, I'll likely ditch Linux altogether and go with illumos, OpenIndianna, or whatever niche OS esoteric and unknown enough not to be a target of AI-assisted exploits (even BSD-based OSes don't seem like an alternative, as I recall seeing something linking some SomethingsomethingBSD to newly-discovered exploits; luckily, illumos is overly obscure).

Or, to quote the meme, "I'm going to build my own, with..."

#linux #arch #archlinux #openbsd #freebsd #netbsd #dragonflybsd #illumos #openindianna

Alt...

Screenshot of a very recent (today's) Discourse thread "400+ AUR packages compromised with infostealer and rootkit".

I was able to make my Pixel 3a Linux Phone with postmarketOS GNOME look like my first iPhone.

Ich habe es geschafft mein Linux-Handy mit postmarketOS GNOME so aussehen zu lassen, wie mein allererstes iPhone.

Thanks to the help of @krafting who is making all this possible!

#Linux #postmarketOS #iOS

Nehmt Arch haben sie gesagt! Das wird toll, haben sie gesagt! 🙄

Scheiß npm. Wer das erfunden hat, sollte sowieso ewig in die supply chain und dependency hell.

#arch #linux #aur #npm #supplychain #alvr

@sodiboo https://gaysex.cloud/notes/andaxow7itfn05x9

Anyone know why using sftp with Dolphin in Plasma is so slow in Alpine Linux?

Using Debian, doing the same thing is like greased lightning.

It's not network, ssh/scp/rsync/sftp command line works wicked fast between hosts with Alpine.

Something about Alpine and Plasma it seems. This has been an on-going thing.

Anyone know a workaround, beside using a different protocol I mean? This should "just work" like on other distros.

#Linux #AlpineLinux #Alpine #Plasma #KDE #KDEPlasma #Dolphin #sftp