new Arch #Linux powered gaming device is here. This is Steam Machine and specs and other details are below. This mainstream gaming device that ships with Linux. Get rid of Microsoft and you now have working Linux gaming device.

more info here https://store.steampowered.com/hardware/steammachine

haha. Joke asides, there are few ways to ignore bash aliases. For example, to ignore python alias, type the `command` followed by alias name:
```
command python ...
```
Both \ and " symbols allows you to run real python command and ignore python alias at the CLI:
```
\python ...
"python" ...
```
Or just full path:
```
/usr/bin/python ...
```

more @ https://www.cyberciti.biz/faq/ignore-shell-aliases-functions-when-running-command/ in case if you wish to read.
#unix #linux #opensource

Alt...

This is meme about Linux or Unix CLI especially alias feature offered by bash. An inmate in prison asks a small fellow inmate, "What you in for?" The small inmate replies that they added 'alias python=echo "bash: python: command not found"' to a friend's .bashrc file. The large inmate backs away in terror, yelling, "Dude, WTF?!"

Julius – a fully working open-source version of Caesar 3, with the same logic as the original, but with some UI enhancements, that can be played on multiple platforms. https://archivegame.org/julius/ #game #strategy #linux #osx #windows #android #nintendo #playstation

Why Drawing Tablet Brands Won't Collaborate on Linux FLOSS Drivers

After investigation; Gaomon, XpPen, and Huion won't collaborate on open-source drivers because of outdated naming conventions. Here's what I learned from direct contact with their technical teams, and what I plan to do to move forward.

Link to article: https://www.davidrevoy.com/article1154/why-drawing-tablet-brands-wont-collaborate-on-linux-floss-drivers

#linux #drivers #tablet

lsdisplay: a useful CLI Tool for Linux users and admins to list connected Displays with Details and ASCII Layout Diagram ; Zero-dependency, just Python 3.7+ #Linux https://github.com/AGuyMarc/lsdisplay

It happened.

I don't know WHEN it happened, sometime recently, I suppose, but I now find myself opening terminal windows to do things instead of using graphical apps.

I'm typing in commands - with flags - from memory.

Commands are working on the FIRST TRY instead of the third...or twelfth.

I can edit config files and understand the syntax and structure.

I'm making my own aliases.

I want a new keyboard.

Holy shit!

#linux #homelab #selfhost #thematrix #redpill

Alt...

Still from the movie The Matrix where Neo "sees" the Matrix for the first time.

I'm looking for an (s)FTP GUI client for linux. Do any of you have any recommendations?

#linux #sFTP #FTP #GUI #CachyOS

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟲/𝟬𝟲/𝟮𝟮 (Valuable News - 2026/06/22) available.

https://vermaden.wordpress.com/2026/06/22/valuable-news-2026-06-22/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟲/𝟬𝟲/𝟮𝟮 (Valuable News - 2026/06/22) available.

https://vermaden.wordpress.com/2026/06/22/valuable-news-2026-06-22/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

10 more days until our #CfP is closed.

Remember we moved our dates and #SeaGL2026 is now happening October 23rd and 24th. Same location.

Visit: https://seagl.org for details

#linux #opensource #FLOSS #FOSS #OSS #ophw #community #tech #seattle #freedom

Dearest #Fedora and other miscellaneous #Linux #distros,

This is ridiculous. For the love of all that is good in the universe, please pick a larger default font for the fbdev console. 🤓

Alt...

Photo of a dnf update with me holding my thumb on the screen so you can see that my thumb is nearly a dozen lines wide.

RE: https://mastodon.social/@rustaceans/116755672316463652

yserver

― a modern X11 server written from scratch in Rust.

<https://github.com/joske/yserver>

"… there are multiple projects on GitHub with this name (but none for X11 servers), the name is subject to change. …"

<https://lobste.rs/s/yy8je0/yserver_modern_x11_server_written_from>

<https://www.phoronix.com/news/YSERVER-Rust-X11-Server>

"… can currently run a full MATE, Xfce, or Cinnamon X11 desktop. The prominent X11 extensions from RandR to DRI3, GLX, MIT-SHM, Composite, and others are supported. And, yes, with working Compiz goodness too:

… open-source under an MIT license. …"

<https://news.ycombinator.com/item?id=48531394>

<https://www.reddit.com/r/linux/comments/1u31shc/comment/or1re0p/>

#AI #Linux #X11 #yserver #Rust

All #KDE fans, what is your favorite #KDE #Linux distro?

Any of y'all have experience with KVM to USB device like this? Would love to hear about any models that are good or to steer clear of.

#Linux #IT #HomeLab #SysAdmin

https://openterface.com/minikvm/

strncpy() has been removed from the #Linux kernel. All former callers have +been migrated to safer alternatives. strncpy() is major source of bugs. The replacements are listed now.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3746ccbb0a97bed3c06ccde6b880013b1dddc1
FYI, this is starting from Linux kernel v7.2 but it was the need of the hour.

#security #infosec

Unter NixOS muss man bash scripte abändern ....

In die erste Zeile gehört #!/usr/bin/env bash statt #!/bin/bash

Muss man auch erst mal drauf kommen 😆

#linux #nixos #glfos #bash

Writeup OverTheWire Bandit Level 0–5 yang membahas langkah-langkah penyelesaian tantangan dasar, penggunaan SSH, navigasi sistem Linux, dan teknik pencarian informasi pada lingkungan CTF.

Semoga bermanfaat bagi rekan-rekan yang sedang mempelajari keamanan siber dan Linux.

https://analis-siber-purwakarta.blogspot.com/2026/06/overthewire-bandit-level-0-5.html

#CyberSecurity #Linux #CTF #OverTheWire #Bandit

Every one is a #Linux expert until they try to install #Nvidia drivers on a fresh Debian install 👩🏻‍💻

@rl_dane can’t wait to install #Linux on « old » Macs 🐧❤️🍏

"Switching to #Linux isn't hard, it's just a matter of having a few solid options to choose from."

https://n1cck.us/blog/switch-to-linux/

#blogpost #opinionated #rlshouldwriteaboutbsd

What’s stopping you from building a nice little home lab running multiple VMs, a personal DNS resolver with Ad blockers, a ZFS based NAS and firewall with #Linux or #FreeBSD? 🤔

Just finished building the major Slackware updates (Plasma 6 plus a huge number of core package updates) under Open Source UTM using paravirtualised mode on Apple Silicon M2.

UTM has been absolutely rock solid throughout. Had to revert to the HoneyComb LX2 (16×2GHz cores, 32GB RAM) tho, because I couldn’t dedicate enough memory to the VM -- the host’s OOM killer started terminating some of the large KDE package builds.

Dreaming of a Mac Mini M4 for the main build host...

#linux #slackware

After Bluesky, Threads, and so on, the whole #WSocial thing is another reminder that it was never about the #Fediverse being "too complicated" or "just for nerds".

A bafflingly large amount of people genuinely only act on a gut feeling telling them that only commercial products with fancy marketing owned by a for-profit corporation can be trustworthy, 'official' and 'legal', for the lack of a better word.

If something is a commercial offering by a competent-looking, rich family man in a suit, it's clearly an official, legal, trustworthy product. You can be proud of using such a fancy-looking service.

When they see a community-run open-source project or a grassroots initiative, their first instinct is that it must be shady, illegal, complicated, broken or predatory in some way. It's probably some aftermarket grey area bootleg made by weird tech nerds, political groups with an ulterior motive, conspiracy theorists or some naive teenage hackers. They'd also be embarrassed for using it in front of their peers and neighbours; who uses some free back-alley software, are you poor or something?

The same people are the reason why Google is using the word 'sideloading', why scammers love wearing fancy suits, why people suddenly act childishly helpless in front of LibreOffice, or why DIY HRT is so demonised.

They trust any kind of 'official approval' over their own senses. If someone does something that isn't 'approved', they're a bad person or clearly endangering themselves and others. No idea why exactly, but psh, it must be wrong somehow, or everyone would do it, right?

If people on the Fediverse understood that the whole "it's all so complicated and clunky" thing is just a thinly veiled excuse for a general disdain for non-commercial software, we could finally stop making all our software imitate their corporate equivalents in a futile attempt to appease people who never gave us a chance in the first place.

You'll never convince them to treat it in good faith no matter how much effort or money you put into UX or 'ease of use'. All you're doing is making the software worse, e. g. through things like dot-social, verified accounts or begging brands, corporations and politicians to join and give your product some kind of 'official' validation.

#mastodon #openSource #linux

Thx to AI Linux will soon stop being a platform for retrocomputing hardware. Old hw support is getting deprecated to reduce the attack surface.

Meanwhile the Linux Foundation is creating its nth AI/crypto related group.

#opensource #linux #ai #cybersecurity #retrocomputing #retrogaming

@jbz

I think #linux was already heading in that direction, but I guess with #ai it will speed it up. From my perspective #linux is owned by large corporations and regular users are a very low priority.

There is always #NetBSD :) I am on 11.0 RC5 on a #T430 and it is working great, granted you have to pay attention to the hardware you use/find/but. Plus #NetBSD seems to be dedicated to keeping old hardware out of landfills.

#opensource #cybersecurity #retrocomputing #retrogaming

The Register: Linux kernel 7.1 sends Intel 486 support to silicon heaven https://www.theregister.com/os-platforms/2026/06/16/linux-kernel-71-sends-intel-486-support-to-silicon-heaven/5256260 @theregister @lproven #Linux #Intel

Rust is becoming a major part of the #Linux kernel. Even long time C veteran Greg Kroah Hartman (GKH) supports the shift. Rust is next big thing if you are into kernel or device drivers or other stuff where memory safety is essential for security reasons

Alt...

A stage screen showing a presntation slide titled Greg's unscientific opinion. The text claims 80% of Linux CVEs would be impossible if the code was writen in Rust

TuxJam 131 – AliBazBaz is out, with Dave MIA, @mralc, @mcnalu and @kevie take up the reigns and look at the #gaming distro Bazzite and #Android dashcam application Alibi. #TuxJamHalfCut gets announced on the show for the first time and there is also the usual mix of #ccmusic https://tuxjam.otherside.network/tuxjam-131-alibazbaz/
#TuxJam #linux #Podcast #bazzite

After reading @rl_dane's post, I wanted to share how I manage my #bookmarks, and add some quick #notes using #neovim.

#editors #vi #vim #shell #fediverse #bsd #linux
https://lazybea.rs/ils-bookmarks-and-notes

If someone asked me to describe the Unix philosophy in the modern era, I'd say: build small tools that do one thing well, make them work together through open standards, automate repetitive tasks, keep systems transparent, and empower users rather than lock them into platforms. The tools may have changed, but simplicity, composability, and freedom remain timeless.
#linux
#unix
#gnu
#freebsd
#openbsd
#netbsd

⋅ Fedora Is Building a Web-Based Remote Installer for Headless Systems

Fedora is working on a browser-based remote installation for Anaconda, targeting headless systems, ARM boards, and network installs.

− https://linuxiac.com/fedora-is-building-a-web-based-remote-installer-for-headless-systems/

#Fedora #Gnu #Linux

    Workspace 1
    Workspace 2
    Workspace 3

    Firefox            -> Tag 1 (Web Browsing)
    st (nvi/dev)       -> Tag 2 (Code/Scripts)
    st (Monitor/Logs)  -> Tag 1 + Tag 2 (Persistent)

#suckless #dwm #unix #linux #sysadmin

For a decade I carried two iPhones: one personal, one for work. Neither ever felt at home in my Linux and BSD world.

Now it's a single Fairphone Gen6. Repairable with a screwdriver, 8 years of updates, separate work and personal profiles on one device, and it actually talks to my KDE desktop over KDE Connect.

Immich, Nextcloud, K-9 Mail, Tusky, KeePassDX, and finally GPG mail in my pocket. The camera is meh. Everything else is a clear win.

https://blog.hofstede.it/leaving-the-apple-ecosystem-one-fairphone-instead-of-two-iphones/

#Fairphone #Android #FOSS #Linux #FDroid

I love that feeling you get when you finish tuning your Linux desktop box with everything optimized and "just so" and nothing left to mess with or install. Colours, wallpaper, apps, hardware acceleration, menus, widgets/plasmoids, filesystems backed up, etc.

Oh, that's just me?

Never mind. Carry on.

#Linux #AlpineLinux

Step 1: Open terminal
Step 2: Type `alias nano='vim -c "smile"'`
Step 3: Enjoy this whenever someone type `nano`!

#SysAdmin #Linux #FreeBSD

Alt...

This screenshot shows green ASCII art of the Vim ester eggs on a dark retro terminal screen, with the "Press ENTER or type command to continue" prompt displayed at the bottom when you type nano at the cli via bash alias: alias nano='vim -c "smile"'

#Mozilla #Thunderbird 152 Email Client Updates GMail OAuth to Use PKCE https://9to5linux.com/mozilla-thunderbird-152-email-client-updates-gmail-oauth-to-use-pkce

#OpenSource #FreeSoftware #Linux

Alt...

A screenshot of Mozilla Thunderbird 152 showing the main window and the About Mozilla Thunderbird dialog.

Security Advisory: CVE-2025-70102 - NULL Pointer Dereference in dhcpcd parse_option

Summary
A crafted dhcpcd configuration input can trigger undefined behavior in the configuration parser by causing `parse_option()` to access a member through a NULL `struct dhcp_opt` pointer.

The issue is located in `src/if-options.c` in `parse_option()`. During parsing of malformed or unexpected option data, the lookup/parsing path can leave the local DHCP option pointer unset. The affected code then assumes the option pointer is valid and accesses embedded option metadata through it, which results in a NULL pointer member access at `src/if-options.c:1886`.

CWE:
CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Affected Component:
```
src/if-options.c:1886
Function: parse_option()
```

Affected Product:
dhcpcd

Affected Version:
The issue was reproduced against dhcpcd commit:
```
2de751b3691642151a4fdc49e444d6b4dc364e98
```

Attack Conditions:
An attacker must cause dhcpcd to process a crafted configuration input that reaches the vulnerable option parsing path. The issue was reproduced in an instrumented fuzzing build of the dhcpcd configuration reader.

Impact:
The vulnerability causes undefined behavior and process termination under the sanitizer build, resulting in Denial of Service. No evidence of arbitrary code execution was observed in the local crash data.

Fix:
The issue was fixed in dhcpcd commit:
```
117742d755b591764036dd4218f314f748a3d2b7
```
The fix ensures that the pointed-to local DHCP option entry is non-NULL before it is dereferenced. Users should update to a dhcpcd build containing this commit or later.

References:
- Issue: https://github.com/NetworkConfiguration/dhcpcd/issues/567
- Fix: https://github.com/NetworkConfiguration/dhcpcd/commit/117742d755b591764036dd4218f314f748a3d2b7
- PoC: https://github.com/sigdevel/pocs/blob/main/res/dhcpcd/1/if-options_c_1886/if-options_c_1886

Credits:
Alexander A. Shvedov (@sigdevel)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #dhcp #net #dhcpcd

Security Advisory: CVE-2025-55663 - NULL Pointer Dereference in GPAC MP4Box Track Descriptor Handling

Summary:
Processing a crafted MP4 file containing an unsupported box type with `MP4Box` can trigger a NULL or invalid pointer dereference in `Track_SetStreamDescriptor()`, causing a Denial of Service.

The `Track_SetStreamDescriptor()` function in `isomedia/track.c` mishandles sample entry pointers when importing malformed MP4 files containing an unknown `svcC` box inside an `av01` parent box. The unsupported box path can leave the relevant sample entry pointer uninitialized or invalid, and the import/update path later dereferences it.

AddressSanitizer reports a `SEGV` caused by a `READ` memory access at `isomedia/track.c:1677`.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
isomedia/track.c:1677
Function: Track_SetStreamDescriptor()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
15a4ac2dff38cdbb8b43e7c84fb1595ee80d81ac
```

Attack Conditions:
An attacker supplies a crafted MP4 file containing an unsupported `svcC` box inside an `av01` parent box. The issue can be reproduced locally with:
```
./MP4Box -add 8_poc.mp4 -new /dev/null -ab 1024
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.

Impact:
The immediate observed impact is Denial of Service due to process termination. The local MITRE data notes potential code execution risk; the observed trace shows an invalid read and segmentation fault.

Fix:
The issue was fixed in GPAC commit:
```
78c2c9be29a41b38eca2c53d280442088a71dab9
```

Users should update to a GPAC build containing this commit or later. The affected code should validate sample entry pointers and unsupported box handling before changing stream descriptors or importing media configuration.

References
- Issue: https://github.com/gpac/gpac/issues/3143
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/8/8_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/78c2c9be29a41b38eca2c53d280442088a71dab9

Credits
Alexander A. Shvedov (@sigdevel)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

CVE-2025-55661 - Heap Buffer Overflow in GPAC MP4Box Opus Header Parser

Summary:
Processing a crafted MP4 file containing malformed Opus audio packets with MP4Box can trigger a heap buffer overflow in `gf_opus_parse_packet_header()`, causing a crash and possible information disclosure from an out-of-bounds heap read.

The `gf_opus_parse_packet_header()` function in `media_tools/av_parsers.c` does not sufficiently validate the input buffer size before reading Opus packet header fields. When MP4Box parses crafted Opus audio packet data, the parser reads one byte beyond the end of a heap-allocated sample buffer.

AddressSanitizer reports a heap-buffer-overflow at `media_tools/av_parsers.c:11326`, with a `READ of size 1` immediately after a 3-byte heap region allocated by `Media_GetSample()`.

Affected Component:
`media_tools/av_parsers.c:11326`

Function: `gf_opus_parse_packet_header()`

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
GPAC MP4Box v2.4
The issue was reproduced on a GPAC build at commit `ff8249a407685d00ceb5f4d2a798b9cad195140e`.

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed Opus audio packet data, such as an invalid TOC code 3 length. The issue can be reproduced with:
```
./MP4Box 9_poc.mp4 -dxml -out /dev/null
```
No elevated privileges are required. The attack is context-dependent because attacker-controlled media may be processed by MP4Box in automated workflows; manual processing also triggers the issue.

Impact:
The observed impact is denial of service due to process termination. Because the bug reads beyond a heap allocation, adjacent heap memory disclosure may also be possible.

CWE:
CWE-122 - Heap-based Buffer Overflow

Fix:
The issue was fixed in GPAC commit `d523e7190ccdcf2c13a698080f4f30dc933bd34c`.

Users should update to a GPAC build containing this commit or later. The affected Opus parser should validate the sample buffer length before reading TOC and packet header fields.

References:
- Issue: https://github.com/gpac/gpac/issues/3160
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/9/9_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/d523e7190ccdcf2c13a698080f4f30dc933bd34c

Credits:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55660 - Stack-based Buffer Overflow in GPAC MP4Box Opus Parser

Summary:
Processing a crafted MP4 file containing malformed Opus audio packets with `MP4Box` can trigger a stack-based buffer overflow in `gf_opus_read_length()`, causing a crash and potential memory corruption.

The `gf_opus_read_length()` function in `media_tools/av_parsers.c` does not sufficiently validate Opus packet sizes before writing packet length information. When MP4Box parses a crafted MP4 file containing malformed non-self-delimited Opus packet data, the parser can write two bytes beyond the bounds of a stack object used by the Opus inspection path.

AddressSanitizer reports a `stack-buffer-overflow` at `media_tools/av_parsers.c:11140`, with a `WRITE of size 2` overflowing the `pckh` stack object in `gf_inspect_dump_opus_internal()`.

CWE:
CWE-121 - Stack-based Buffer Overflow

Affected Component:
```
media_tools/av_parsers.c:11140
Function: gf_opus_read_length()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
ff8249a407685d00ceb5f4d2a798b9cad195140e
```

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed Opus audio packets, such as a non-self-delimited Opus packet with an invalid odd length. The issue can be reproduced locally with:
```
./MP4Box -add 7_poc.mp4 -dxml -out /dev/null
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.

Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a stack-based buffer overflow with attacker-controlled media input, memory corruption and potential arbitrary code execution cannot be ruled out.

Fix:
The issue was fixed in GPAC commit:
```
d523e7190ccdcf2c13a698080f4f30dc933bd34c
```

Users should update to a GPAC build containing this commit or later. The affected Opus parsing code should validate packet sizes and frame-length constraints before writing length fields into packet header structures.

References:
- Issue: https://github.com/gpac/gpac/issues/3161
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/7/7_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/d523e7190ccdcf2c13a698080f4f30dc933bd34c

Credits:
Alexander A. Shvedov (@sigdevel)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55652 - Heap Buffer Overflow in GPAC MP4Box VP Configuration Handling

Processing a crafted MP4 file with malformed VP codec configuration data can trigger a heap buffer overflow in `gf_isom_vp_config_new()`, causing a crash and potential memory corruption.

Summary:
The `gf_isom_vp_config_new()` function in `isomedia/avc_ext.c` does not sufficiently validate buffer boundaries when creating VP codec configuration boxes. A crafted MP4 file with malformed VP codec data, including unknown box types such as `D0ncv` in `stsd`, can cause MP4Box to allocate an undersized box structure and then write VP/NALU configuration data beyond the allocation.

CWE:
CWE-122 - Heap-based Buffer Overflow

Affected Component:
```
isomedia/avc_ext.c:1962
Function: gf_isom_vp_config_new()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
74fecde32cd477ab097f3e6db55a32b259f3313d
```
Builds before the fix commit `ad3b541b4f38c8f0ef67544509598f8207ea1207` should be considered affected if they contain the vulnerable VP configuration allocation/write path.

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed VP codec configuration data. The issue can be reproduced locally with:
```
./MP4Box -dash 10000 ./18_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.

Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is an out-of-bounds heap write, memory corruption and potential arbitrary code execution cannot be ruled out.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
ad3b541b4f38c8f0ef67544509598f8207ea1207
```

References:
- Issue: https://github.com/gpac/gpac/issues/3242
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/18/18_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/ad3b541b4f38c8f0ef67544509598f8207ea1207

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

CVE-2025-55650 - Heap Use-After-Free in GPAC MP4Box SVG Node Handling

Summary
Processing a crafted MP4 file with `MP4Box -svg` can trigger a heap use-after-free in `gf_svg_node_del()`, causing a crash and possible memory corruption.

The `gf_svg_node_del()` function in `scenegraph/svg_types.c` does not ensure that freed SVG node memory is not accessed again during scene graph cleanup. When MP4Box parses a crafted MP4 file through the MPEG-4 LASeR/SVG scene dump path, an SVG node is freed and then dereferenced again.

AddressSanitizer reports a heap-use-after-free at `scenegraph/svg_types.c:107`, with a `READ of size 8` from a 24-byte heap region that was previously freed in `gf_svg_node_del()` at `scenegraph/svg_types.c:126` and allocated by `gf_svg_create_node()` at `scenegraph/svg_types.c:65`.

Affected Component
`scenegraph/svg_types.c:107`

Function: `gf_svg_node_del()`

Affected Product
MP4Box (GPAC Multimedia Open Source Project)

Affected Version
GPAC MP4Box v2.4.

The issue was reproduced on a GPAC build at commit `46be5f928660530d5332cd2f1d177208737558ef`.

Attack Conditions
An attacker supplies a crafted MP4 file that reaches the SVG/LASeR scene parsing path. The issue can be reproduced with:

```
./MP4Box -svg 10_poc.mp4
```

No elevated privileges are required. User interaction is required when a victim manually processes the malicious MP4 file; automated workflows that invoke MP4Box on attacker-controlled media may also trigger the issue.

Impact
The observed impact is denial of service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution cannot be ruled out.

CWE
CWE-416 - Use After Free

Fix
The issue was fixed in GPAC commit `6be6f62e2a079ebccf3a9e57c27787fd16e645de`.

Users should update to a GPAC build containing this commit or later. The affected scene graph cleanup code should prevent use of freed SVG nodes and ensure node lifetime and registration state are handled consistently during scene reset and deletion.

References
- Issue: https://github.com/gpac/gpac/issues/3162
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/10/10_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/6be6f62e2a079ebccf3a9e57c27787fd16e645de

Credits
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55649 - NULL Pointer Dereference in GPAC MP4Box ESD Mapping

Processing a crafted MP4 file with corrupted Elementary Stream Descriptor data can trigger a NULL pointer dereference in `gf_media_map_esd()`, causing a Denial of Service.

Summary:
The `gf_media_map_esd()` function in `media_tools/isom_tools.c` does not verify that `esd->URLString` is non-NULL before passing it to `strlen()`. When MP4Box processes a crafted MP4 file containing corrupted ESD data during fragmentation setup, `URLString` can be NULL and the process crashes while reading from address `0x000000000000`.

AddressSanitizer reports a `SEGV` in `strlen()`, with the GPAC call site at `media_tools/isom_tools.c:1359`.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
media_tools/isom_tools.c:1359
Function: gf_media_map_esd()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
09e7063ed0a13b4cee9a180a56dcc21e9f9ade07
```

Attack Conditions:
An attacker supplies a crafted MP4 file containing corrupted ESD data. The issue can be reproduced locally with:
```
./MP4Box -frag 1500 11_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.

Impact:
The immediate observed impact is Denial of Service due to process termination. The crash is a NULL pointer dereference on the zero page; no evidence of arbitrary code execution was observed.

Fix / mitigation status:
The local CVE/MITRE data references GPAC fix commit:
```
10c16d54659b1b82dd49573dfeacfa9a5627a115
```
Users should update to a GPAC build containing this commit or later. The affected code should validate `esd`, `esd->URLString`, and related ESD fields before string operations.

References:
- Issue: https://github.com/gpac/gpac/issues/3183
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/11/11_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/10c16d54659b1b82dd49573dfeacfa9a5627a115

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55648 - Heap Buffer Overflow in GPAC MP4Box Opus Packet Parser

Processing a crafted MP4 file containing corrupted Opus sample-size data with `MP4Box` can trigger a heap buffer overflow in `gf_opus_parse_packet_header()`, causing a crash and potential memory corruption impact.

Summary:
The `gf_opus_parse_packet_header()` function in `media_tools/av_parsers.c` does not sufficiently validate the input buffer length before parsing Opus packet headers. When MP4Box processes a crafted MP4 file with corrupted sample-size (`stsz`) data, the parser reads beyond the bounds of a heap-allocated sample buffer.
AddressSanitizer reports a `heap-buffer-overflow` at `media_tools/av_parsers.c:11297`, with a `READ of size 1` 1242 bytes past a 32-byte heap region allocated by `Media_GetSample()`.

CWE:
CWE-122 - Heap-based Buffer Overflow

Affected Component:
```
media_tools/av_parsers.c:11297
Function: gf_opus_parse_packet_header()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
61bbfd2e89553373ba3449b8ec05b5f098d732a5
```

Attack Conditions:
An attacker supplies a crafted MP4 file containing corrupted Opus sample-size (`stsz`) data. The issue can be reproduced locally with:
```
./MP4Box 12_poc.mp4 -dxml
```
No elevated privileges are required. The CVE text describes the attack as network/context-dependent because attacker-controlled media may be processed by MP4Box in automated workflows; manual processing also triggers the issue.

Impact:
The immediate observed impact is Denial of Service due to process termination. Because the bug reads beyond a heap allocation, information disclosure may be possible. The local MITRE data also notes potential arbitrary code execution risk, though the observed ASAN trace is an out-of-bounds read.

Fix / mitigation status:
The local CVE/MITRE data references GPAC fix commit:
```
cea49f684dbc4d53ecd6c76a9623838802a68d88
```

Users should update to a GPAC build containing this commit or later. The affected Opus parser should validate sample buffer length and `stsz`-derived packet sizes before reading packet header fields.

References:
- Issue: https://github.com/gpac/gpac/issues/3190
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/12/12_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/cea49f684dbc4d53ecd6c76a9623838802a68d88

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55647 - Integer Overflow in GPAC MP4Box PSSH Handling

Processing a crafted MP4 file with malformed Protection System Specific Header (PSSH) data can trigger an integer overflow and uncontrolled allocation in `mp4_mux_cenc_insert_pssh()`, causing Denial of Service through memory exhaustion.

Summary:
The `mp4_mux_cenc_insert_pssh()` function in `filters/mux_isom.c` does not sufficiently validate PSSH sizes before allocating memory. A crafted MP4 file can set PSSH-related fields such as `kid_count` or `dataSize` to very large values. This can overflow the buffer size calculation and cause MP4Box to attempt a very large allocation during DASH/mux processing.

AddressSanitizer reports an out-of-memory condition at `filters/mux_isom.c:4326`, where `realloc()` attempts to allocate `0xe40000100` bytes.

CWE:
CWE-190 - Integer Overflow or Wraparound

Affected Component:
```
filters/mux_isom.c:4326
Function: mp4_mux_cenc_insert_pssh()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
e95f3064d846e4606276fff111e0f97df1576a04
```
Builds before the fix commit `2a1f638534cddf511a7ba06618bff9d587141792` should be considered affected if they contain the vulnerable PSSH allocation path.

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed PSSH/CENC metadata. The issue can be reproduced locally with:
```
./MP4Box -dash 10000 ./15_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.

Impact:
The immediate observed impact is Denial of Service due to memory exhaustion and process termination. Because the root cause is an integer overflow in allocation-size calculation, memory corruption and potential arbitrary code execution cannot be ruled out.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
2a1f638534cddf511a7ba06618bff9d587141792
```

References:
- Issue: https://github.com/gpac/gpac/issues/3235
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/15/15_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/2a1f638534cddf511a7ba06618bff9d587141792
- Related fix/reference: https://github.com/gpac/gpac/commit/3111995

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55644 - Use-After-Free in GPAC MP4Box

Processing a crafted MP4 file with invalid BIFS GlobalQuantizer commands causes gf_node_get_tag() to access a freed 192-byte QuantizationParameter node at scenegraph/base_scenegraph.c:1263, resulting in a heap use-after-free and crash.

Summary:
During MPEG-4 BIFS scene decoding, BM_ParseGlobalQuantizer() in bifs/memory_decoder.c first calls gf_node_unregister() at line 176 to release a QuantizationParameter node, freeing the 192-byte heap region. Without clearing the stale pointer, the function then calls gf_node_get_tag() on the same address at line 181, performing a READ of 8 bytes at offset 0 into the freed region. A crafted MP4 containing invalid GlobalQuantizer BIFS commands, corrupted ODF descriptors, and malformed box types (PEC1808, fre) reliably triggers this free-then-use sequence through the -svg dump path.

CWE:
CWE-416 - Use After Free

Affected Component:
```
scenegraph/base_scenegraph.c:1263
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box 2.4 and earlier; tested at commit f5b7cdc63a7f3269040778c5431a8f6c310bc9f3

Attack Conditions:
An attacker supplies a locally accessible crafted MP4 file embedding invalid BIFS scene data. The victim runs MP4Box -svg on the file to trigger BIFS scene parsing. No elevated privileges are required.

Impact:
The use-after-free causes a fatal crash (Denial of Service). Use-after-free vulnerabilities can allow attackers to control freed heap memory contents and potentially redirect execution flow; code execution cannot be excluded.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
63eccc33d4a2b731ebb31581ff5673a2c0b13ad4
```
Users should update to a GPAC build containing this commit or later.

References:
- Issue: https://github.com/gpac/gpac/issues/3246
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/20/20_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/63eccc33d4a2b731ebb31581ff5673a2c0b13ad4

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

Security Advisory: CVE-2025-55645 - Heap Buffer Overflow in GPAC MP4Box PSSH Copy

Processing a crafted MP4 file with malformed PSSH data can trigger a heap buffer overflow in `gf_cenc_set_pssh()`, causing a crash and potential memory disclosure or memory corruption impact.

Summary:
The `gf_cenc_set_pssh()` function in `isomedia/drm_sample.c` does not sufficiently validate the size of PSSH data before copying it into a heap buffer. A crafted MP4 file can declare an oversized PSSH payload, causing MP4Box to copy a very large amount of data from a 512-byte heap allocation during DASH/CENC processing.

CWE:
CWE-120 - Buffer Copy without Checking Size of Input

Affected Component:
```
isomedia/drm_sample.c:982
Function: gf_cenc_set_pssh()
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The local MITRE workbook also lists `2.5-DEV-rev228-g11067ea92-master` as affected. The issue was reproduced on a GPAC build at commit:

```
e95f3064d846e4606276fff111e0f97df1576a04
```

Builds before the fix commit `df0c81722847238659a6beb0feab2c1ecd05c020` should be considered affected if they contain the vulnerable PSSH copy path.

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed PSSH/CENC metadata with an oversized declared payload. The issue can be reproduced locally with:

```
./MP4Box -dash 10000 ./16_poc.mp4
```

No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.

Impact:
The immediate observed impact is Denial of Service due to process termination. Because the bug performs an oversized heap read during `memcpy()`, information disclosure may be possible. Memory corruption and potential arbitrary code execution cannot be ruled out.

Fix / mitigation status:
The issue was fixed in GPAC commit:

```
df0c81722847238659a6beb0feab2c1ecd05c020
```

Users should update to a GPAC build containing this commit or later. The affected code should validate PSSH payload sizes and destination buffer capacity before copying PSSH data.

References:
- Issue: https://github.com/gpac/gpac/issues/3236
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/16/16_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/df0c81722847238659a6beb0feab2c1ecd05c020

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac

@funkylab

For #FreeBSD (on that same box), I found a shell script that uses sysctl to get the ACPI name for the battery, and runs acpi_call from ports to set the thresholds, which survives a reboot.
On #OpenBSD, I believe you set the thresholds directly through sysctl.
On #Linux, you set it with something like echo 80 > /sys/class/power_supply/BAT0/charge_stop_threshold

Security Advisory: CVE-2025-55643 - NULL Pointer Dereference in GPAC MP4Box TrackWriter Handling

Processing a crafted MP4 file during DASH segmentation can trigger a NULL pointer dereference in MP4Box TrackWriter handling, causing a Denial of Service.

Summary:
The DASH fragmentation path in `filters/mux_isom.c` does not sufficiently validate a `TrackWriter` pointer before accessing its members. A crafted MP4 file with malformed metadata boxes can cause the PID-to-track setup to fail, leaving the `TrackWriter` pointer NULL. The muxer then performs member access through the NULL pointer.

CWE:
CWE-476 - NULL Pointer Dereference

Affected Component:
```
filters/mux_isom.c:6621
Function/path: TrackWriter handling during fragmented MP4 muxing
```

Affected Product:
MP4Box (GPAC Multimedia Open Source Project)

Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE data. The issue was reproduced on a GPAC build at commit:
```
74fecde32cd477ab097f3e6db55a32b259f3313d
```
Builds before the fix commit `ad3b541b4f38c8f0ef67544509598f8207ea1207` should be considered affected if they contain the vulnerable TrackWriter handling path.

Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed metadata boxes, including malformed `mvcC` / `stsz` data. The issue can be reproduced locally with:
```
./MP4Box -dash 10000 ./17_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.

Impact:
The immediate observed impact is Denial of Service due to process termination. No evidence of arbitrary code execution was observed.

Fix / mitigation status:
The issue was fixed in GPAC commit:
```
ad3b541b4f38c8f0ef67544509598f8207ea1207
```
Users should update to a GPAC build containing this commit or later. The affected muxing path should validate `TrackWriter` before member access and fail cleanly when track initialization fails.

References:
- Issue: https://github.com/gpac/gpac/issues/3240
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/17/17_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/ad3b541b4f38c8f0ef67544509598f8207ea1207

Credit:
@sigdevel (Alexander A. Shvedov)

#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac