CVE-2025-60481

Published: Jun 1, 2026

Modified: Jun 1, 2026

PUBLISHED

Description

A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/gpac/gpac/commit/e02d1fd24cdc26acb1b236ab38b3832cffcae21b

https://github.com/gpac/gpac/issues/3296

https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/45/README.md

https://infosec.exchange/@sigdevel/116659159345966316

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-60481

Description

Affected Products

References