Is there a public PoC exploit available for CVE-2025-70116?

Yes, a public proof-of-concept exploit is available for CVE-2025-70116. Prioritise patching immediately.

GPAC MP4Box CVE-2025-70116

2026-05-27 cve@mitre.org

Denial Of Service

Lifecycle Timeline

1

CVE Published

May 27, 2026 - 17:16 nvd

UNKNOWN (no severity yet)

DescriptionNVD

A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields (e.g., codec/mime/profile strings). gf_media_map_esd then calls strlen() on a NULL pointer, triggering a crash (ASan SEGV).

Analysis

A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields (e.g., codec/mime/profile strings). gf_media_map_esd then calls strlen() on a NULL pointer, triggering a crash (ASan SEGV).

Share

CVE-2025-70116 vulnerability details – vuln.today

Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy

GPAC MP4Box CVE-2025-70116

Lifecycle Timeline

DescriptionNVD

Analysis

Share

External POC / Exploit Code