Primary

Context

gpac Segmentation Fault Vulnerability in MP4Box

Vulnerability

A segmentation fault vulnerability has been identified in gpac version 2.4 within the MP4Box application. The issue arises in the 'isom_cenc_get_sai_by_saiz_saio' function, located in 'src/isomedia/drm_sample.c'. This vulnerability is likely caused by dereferencing a null pointer, which can lead to a crash.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the MP4Box application.

Reproduction

The vulnerability can be reproduced by cloning the gpac repository, checking out the specific commit '5d70253', and then compiling the application with AddressSanitizer enabled. After compiling, MP4Box can be run with the '-dash' option, which triggers the segmentation fault.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

gpac Segmentation Fault Vulnerability in MP4Box

Vulnerability

Impact

Reproduction

Affected Products

gpac

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating