Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Local file-based trigger with mandatory user interaction; impact is crash-only DoS - no confidentiality or integrity consequence applies.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
AnalysisAI
NULL pointer dereference in GPAC MP4Box v2.4 crashes the application when processing a specially crafted MP4 file, delivering a denial of service against any user or automated pipeline invoking the tool. The flaw is isolated to the TrackWriter handling component in filters/mux_isom.c, triggered by malformed MP4 input that causes an unvalidated pointer dereference. No public exploit code has been identified and this CVE does not appear in CISA KEV; SSVC rates exploitation status as none with no automation potential, consistent with a limited, file-delivery-dependent attack surface.
Technical ContextAI
GPAC is an open-source multimedia framework widely used for packaging, editing, and inspecting ISO Base Media File Format (ISOBMFF/MP4) containers; MP4Box is its primary command-line tool. The vulnerability resides in filters/mux_isom.c within the TrackWriter component, which handles track multiplexing during MP4 container construction and writing. CWE-476 (NULL Pointer Dereference) identifies the root cause class: a pointer is consumed without being validated for NULL, causing an access violation and process crash when malformed or structurally abnormal MP4 input causes an expected object reference to be absent - a pattern common in media demuxers and remuxers when crafted files bypass normal initialization paths. The CPE data provided (cpe:2.3:a:n/a:n/a) is non-specific and unusable for automated asset inventory queries; defenders must match directly against the explicit product and version string from the CVE description.
RemediationAI
No vendor-released patch version is confirmed from the available references. The primary technical references point to an oss-security mailing list post (http://www.openwall.com/lists/oss-security/2026/06/13/5) and a researcher post on infosec.exchange - neither confirms a tagged patched release. Patch availability per vendor advisory should be monitored directly in the GPAC project repository targeting filters/mux_isom.c. As a compensating control, organizations running automated MP4 processing pipelines should sandbox or containerize MP4Box invocations so that a process crash does not propagate to dependent services - note that sandboxing adds latency and operational overhead. Implement process watchdog/restart logic with alerting on abnormal termination to detect repeated crash attempts. Restrict ingestion of untrusted MP4 files into any pipeline invoking GPAC MP4Box 2.4 until a confirmed fix version is available from the vendor.
Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali
Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST
Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when
Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_
Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc
Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210143
GHSA-v7rj-wmp7-c87g