CVE-2025-55639

An attacker crafts an MP4 file containing MPEG-H Audio tracks that causes the `kind` parameter to be NULL when `gf_isom_add_track_kind()` is called. Importing this file with `./MP4Box -add crafted.mp4 -new /dev/null` triggers a segmentation fault during track import due to a NULL pointer dereference in `strdup()` [ref_id=1]. No authentication or special privileges are required; the attacker only needs to deliver the malicious file to the victim.

The vulnerability is in the `gf_isom_add_track_kind()` function in `isomedia/isom_write.c` (line 3153). The function does not validate the `kind` parameter before passing it to `strdup()`, leading to a NULL pointer dereference when processing a crafted MP4 file containing MPEG-H Audio tracks [ref_id=1].

The patch is not available in the bundle, so no fix diff can be analyzed. The advisory describes a NULL pointer dereference in `gf_isom_add_track_kind()` at line 3153 of `isomedia/isom_write.c`, where the `kind` parameter is passed to `strdup()` without a NULL check [ref_id=1]. A proper fix would require adding a NULL check on the `kind` argument before calling `strdup()`, or validating that the input track metadata provides a valid non-NULL kind string.