Null Pointer Dereference Vulnerability in GPAC Media File Handler
CVE-2026-14790
Key Information:
Badges
What is CVE-2026-14790?
A flaw exists in GPAC version 26.02.0 within the Media File Handler's function nhmldump_send_frame, specifically in the src/filters/write_nhml.c file. This vulnerability allows an attacker with local access to manipulate the function, potentially leading to a null pointer dereference. The exploit has been publicly documented, and a patch (bd1d94e70e3bef364c07c5a1d94eca5c9f56e160) has been provided to address this issue. While the project views some aspects as bugs rather than vulnerabilities, applying the patch is essential for remediation.
Affected Version(s)
GPAC 26.02.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
