Gpac
CVE-2025-70309
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.
AnalysisAI
A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file. [CVSS 5.5 MEDIUM]
Technical ContextAI
Classified as CWE-121 (Stack-based Buffer Overflow). Affects the pcmreframe_flush_packet component of Gpac. A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.
RemediationAI
Monitor vendor advisories for a patch.
More from same product – last 7 days
Divide-by-zero in GPAC's MP4Box AVI demuxer crashes the process when handling crafted media files with zero-declared fra
Heap-based buffer overflow in GPAC MP4Box (all versions prior to fix commit 61bbfd2e89553373ba3449b8ec05b5f098d732a5) al
NULL pointer dereference in GPAC's MP4Box fragmentation pipeline allows unauthenticated remote attackers to crash the ap
NULL pointer dereference in GPAC's MP4Box crashes the application when importing a crafted MP4 file containing corrupted
Use-after-free memory corruption in GPAC's MP4Box triggers via gf_node_get_tag when parsing a crafted MP4 file containin
Share
External POC / Exploit Code
Leaving vuln.today