Unrated severityNVD Advisory· Published Jul 18, 2025· Updated Jul 18, 2025

GPAC dash_client.c gf_dash_download_init_segment null pointer dereference

CVE-2025-7797

Description

A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 153ea314b6b053db17164f8bc3c7e1e460938eaa. It is recommended to apply a patch to fix this issue.

Affected products

GPAC/GPACdescription
Gpac/Gpacllm-fuzzy
Range: <=2.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/gpac/gpac/commit/153ea314b6b053db17164f8bc3c7e1e460938eaamitrepatch
drive.google.com/file/d/1Z-C6RajpZ40ujo1iGNt3_mG855mPbs1Q/viewmitreexploit
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000