VYPR
Medium severity4.3NVD Advisory· Published May 27, 2026· Updated Jun 1, 2026

CVE-2025-70116

CVE-2025-70116

Description

A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields (e.g., codec/mime/profile strings). gf_media_map_esd then calls strlen() on a NULL pointer, triggering a crash (ASan SEGV).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Gpac/Gpacreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.