Out-of-Bounds Read Vulnerability in GPAC GSF Demuxer Filter Component
CVE-2025-70308

7.5HIGH

Key Information:

Vendor: GPAC
Status: GPAC
Vendor: CVE Published:; 15 January 2026

What is CVE-2025-70308?

The GPAC multimedia framework is susceptible to an out-of-bounds read vulnerability in the GSF demuxer filter component. This issue occurs in version 2.4.0 and can be exploited by attackers through the use of a specially crafted .gsf file, resulting in a Denial of Service (DoS). It is crucial for users of GPAC to be aware of this vulnerability to mitigate potential risks associated with the exploitation of this flaw.

References

https://github.com/zakkanijia/POC/blob/main/gpac_gsf/GPAC...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2025-70308 Data

JSON