PatchSiren

GPAC CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM GPAC CVE published 2026-05-27

CVE-2025-70116

A NULL pointer dereference vulnerability exists in GPAC MP4Box when parsing malformed MP4 files. The issue occurs in `gf_media_map_esd` within the media tools ISOM utilities, where an unknown or invalid `stsd` (sample description) entry can result in missing descriptor fields—specifically codec, MIME type, or profile strings. When these fields are absent, the function subsequently calls `strlen()` on a NU [truncated]
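The failure mode above, as an added C illustration that is not GPAC code: a descriptor struct whose codec, MIME and profile strings may be NULL after an unknown stsd entry, a vulnerable size computation that calls strlen() on them unconditionally, and two hardened variants (fail closed, or substitute a placeholder). The struct, field names, function names and sample values are assumptions chosen for the example and do not reproduce gf_media_map_esd.

```c
/*
 * Added example (not GPAC source). Demonstrates the strlen(NULL) pattern
 * from CVE-2025-70116 on a hypothetical descriptor type, beside two
 * hardened forms. All names and values here are assumptions.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical descriptor filled from an stsd entry. With an unknown or
 * malformed entry the parser may leave any of these fields NULL. */
typedef struct {
    const char *codec;   /* e.g. "avc1" */
    const char *mime;    /* e.g. "video/mp4" */
    const char *profile; /* e.g. "avc1.42E01E" */
} sample_desc;

/* VULNERABLE pattern: every field is assumed present. On a malformed
 * entry one of them is NULL and strlen() dereferences it. */
static size_t vulnerable_desc_len(const sample_desc *d)
{
    return strlen(d->codec) + strlen(d->mime) + strlen(d->profile);
}

/* Hardened variant 1: validate first and fail closed with an error code,
 * so the caller can reject the sample description instead of crashing. */
static int hardened_desc_len(const sample_desc *d, size_t *len_out)
{
    if (!d || !d->codec || !d->mime || !d->profile)
        return -1;
    *len_out = strlen(d->codec) + strlen(d->mime) + strlen(d->profile);
    return 0;
}

/* Hardened variant 2: substitute a placeholder so diagnostics still get a
 * printable "codec/mime/profile" string. Returns chars written or -1 if
 * the output buffer was too small. */
static const char *or_unknown(const char *s) { return s ? s : "unknown"; }

static int describe_sample(const sample_desc *d, char *out, size_t out_sz)
{
    int n = snprintf(out, out_sz, "%s/%s/%s",
                     or_unknown(d->codec), or_unknown(d->mime),
                     or_unknown(d->profile));
    if (n < 0 || (size_t)n >= out_sz)
        return -1;
    return n;
}

/* Constructed inputs: a complete entry, and one where the parser could
 * not derive a MIME type or profile (the missing-field case). */
static const sample_desc good_desc = { "avc1", "video/mp4", "avc1.42E01E" };
static const sample_desc bad_desc  = { "zzzz", NULL, NULL };

size_t demo_vulnerable_on_good(void) { return vulnerable_desc_len(&good_desc); }
int demo_hardened_on_good(size_t *len) { return hardened_desc_len(&good_desc, len); }
int demo_hardened_on_bad(size_t *len)  { return hardened_desc_len(&bad_desc, len); }
int demo_describe_bad(char *out, size_t sz) { return describe_sample(&bad_desc, out, sz); }

int main(void)
{
    char buf[64];
    size_t len = 0;
    printf("vulnerable, complete entry: %zu\n", vulnerable_desc_len(&good_desc));
    printf("hardened, malformed entry: rc=%d\n", hardened_desc_len(&bad_desc, &len));
    if (describe_sample(&bad_desc, buf, sizeof buf) > 0)
        printf("placeholder form: %s\n", buf);
    /* vulnerable_desc_len(&bad_desc) would dereference NULL here */
    return 0;
}
```

Which hardened variant fits depends on the caller: refusing the entry is the safer default for a muxer, while the placeholder form is useful where the string only feeds logging or a MIME hint.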

LOW GPAC CVE published 2026-05-26

CVE-2026-9572

A memory leak vulnerability exists in GPAC up to version 2.4.0, specifically within the Media_GetSample function in src/isomedia/media.c. The vulnerability is triggered through manipulation of the 'cat' argument when processing MP4 files via the MP4Box component. This issue results in a memory leak (CWE-401/CWE-404) with availability impact. The attack vector is local, requiring low privileges but no user i [truncated]
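The page does not say which allocation in Media_GetSample escapes; the added C example below shows the general CWE-401 shape such a bug takes in a sample-fetching routine (an allocation made before an error-path return) next to a single-exit hardened version, with a small allocation counter so the leak is visible without a heap profiler. The track and sample types, function names and the truncated-read error condition are assumptions for the illustration and are not GPAC's code.

```c
/*
 * Added example (not GPAC source). Shows an allocation leaking through an
 * early error return, the CWE-401 pattern behind CVE-2026-9572, and a
 * hardened single-exit version. Types and names are assumptions.
 */
#include <stdlib.h>
#include <string.h>

/* Allocation counter: live_allocs is 0 after a run only if every
 * allocation was released. */
static int live_allocs = 0;
static void *tracked_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void tracked_free(void *p) { if (p) { free(p); live_allocs--; } }

typedef struct { unsigned char *data; size_t size; } sample;

static void sample_del(sample *s)
{
    if (!s) return;
    tracked_free(s->data);
    tracked_free(s);
}

/* Hypothetical track: the sample table declares a size, but the media
 * data actually present may be shorter (a truncated or crafted file). */
typedef struct { size_t declared_size; size_t bytes_available; } track;

/* VULNERABLE: the sample and its payload are allocated, then an error
 * return happens before ownership is handed to the caller. */
static int vulnerable_get_sample(const track *t, sample **out)
{
    sample *s = tracked_alloc(sizeof *s);
    if (!s) return -1;
    s->size = t->declared_size;
    s->data = tracked_alloc(s->size);
    if (!s->data) return -1;              /* leaks s */
    if (t->bytes_available < s->size)
        return -2;                         /* leaks s and s->data */
    *out = s;
    return 0;
}

/* Hardened: one failure exit that releases whatever was allocated. */
static int hardened_get_sample(const track *t, sample **out)
{
    int rc = -1;
    sample *s = tracked_alloc(sizeof *s);
    if (!s) goto fail;
    s->size = t->declared_size;
    s->data = tracked_alloc(s->size);
    if (!s->data) goto fail;
    if (t->bytes_available < s->size) { rc = -2; goto fail; }
    *out = s;
    return 0;
fail:
    sample_del(s);
    return rc;
}

/* Run one implementation over a well-formed track and a truncated one
 * (constructed inputs) and report allocations still live afterwards. */
int leak_after(int (*get)(const track *, sample **))
{
    const track good = { 16, 16 }, truncated = { 16, 4 };
    sample *s = NULL;
    live_allocs = 0;
    if (get(&good, &s) == 0) sample_del(s);
    s = NULL;
    (void)get(&truncated, &s);            /* exercises the error path */
    return live_allocs;
}

int leak_vulnerable(void) { return leak_after(vulnerable_get_sample); }
int leak_hardened(void)   { return leak_after(hardened_get_sample); }

int main(void)
{
    /* 2 live allocations remain after the vulnerable version, 0 after
     * the hardened one. */
    return leak_vulnerable() == 2 && leak_hardened() == 0 ? 0 : 1;
}
```

The same counter idea is what AddressSanitizer's LeakSanitizer or valgrind automate; for a triage of a report like this one, running MP4Box under `-fsanitize=address` on the triggering file is the quickest way to confirm which allocation is unreleased.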

LOW GPAC CVE published 2026-05-26

CVE-2026-9567

A null pointer dereference vulnerability exists in GPAC up to version 2.4.0, specifically within the MergeFragment function in src/isomedia/isom_intern.c. The issue affects the MP4Box component and can be triggered through local manipulation. The vulnerability has been assigned a CVSS 4.0 score of 1.9 (LOW severity) with an attack vector of local access, low attack complexity, and low availability impact. [truncated]