CVE-2025-7797Improper Resource Shutdown or Release in Gpac

CWE-404Improper Resource Shutdown or ReleaseCWE-476NULL Pointer Dereference4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 51.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GpacDebian Gpac
Timeline
PublishedJul 18

Description

A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 153ea314b6b053db17164f8bc3c7e1e460938eaa. It is recommended to apply a patch to fix this issue.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

NVDgpac/gpac2.4.0
CVEListV5gpac/gpac5 versions+4
debiandebian/gpac

Patches

Patch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-45x8-4rg4-4ffp: A vulnerability was found in GPAC up to 22025-07-18
OSV
CVE-2025-7797: A vulnerability was found in GPAC up to 22025-07-18

📋Vendor Advisories

1
Debian
CVE-2025-7797: gpac - A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. A...2025
CVE-2025-7797 — Improper Resource Shutdown or Release | cvebase