CVE-2025-70302

5.5 MEDIUM

📋 TL;DR

A heap overflow vulnerability in GPAC's ghi_dmx_declare_opid_bin() function allows attackers to cause Denial of Service (DoS) through specially crafted input. This affects systems running GPAC v2.4.0 for multimedia processing. Attackers can crash the application by exploiting this memory corruption flaw.

💻 Affected Systems

Products:
  • GPAC (Multimedia Framework)
Versions: v2.4.0
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using GPAC v2.4.0 for parsing multimedia files is vulnerable when processing malicious input.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete application crash leading to service unavailability, potentially allowing remote code execution if combined with other vulnerabilities.

🟠 Likely Case

Application crash and Denial of Service, disrupting multimedia processing services.

🟢 If Mitigated

Limited impact with proper input validation and memory protection mechanisms in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Proof of concept available in GitHub repository demonstrates DoS capability. Requires crafted input to trigger the heap overflow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Monitor the GPAC project for security updates.
2. Consider upgrading to a newer version when a patch becomes available.
3. Apply any available security patches immediately.

🔧 Temporary Workarounds

Input Validation Filter (all platforms)

Implement strict input validation for GPAC processing to reject malformed multimedia files.

# Configure GPAC to only accept trusted file sources
# Implement file hash verification before processing

Memory Protection (all platforms)

Enable ASLR and DEP/Stack Protection on systems running GPAC.

# Linux: sysctl -w kernel.randomize_va_space=2
# Windows: Enable Data Execution Prevention (DEP)

🧯 If You Can't Patch

  • Isolate GPAC instances in restricted network segments
  • Implement strict file upload controls and scanning for multimedia files

🔍 How to Verify

Check if Vulnerable:

Check GPAC version: gpac -version or examine installed package version.

Check Version:

gpac -version 2>/dev/null || gpac --version

Verify Fix Applied:

Verify GPAC version is newer than v2.4.0 when patch becomes available.

📡 Detection & Monitoring

Log Indicators:

  • GPAC process crashes
  • Segmentation fault errors in system logs
  • Abnormal memory usage patterns

Network Indicators:

  • Unusual file uploads to GPAC services
  • Multiple connection attempts with malformed data

SIEM Query:

process:gpac AND (event_id:1000 OR event_id:1001 OR memory_usage:>threshold)
