CVE-2025-70307

7.5 HIGH

📋 TL;DR

A stack overflow vulnerability in GPAC's dump_ttxt_sample function allows attackers to cause Denial of Service by sending specially crafted packets. This affects systems running vulnerable versions of the GPAC multimedia framework. The vulnerability can crash the application, disrupting media processing services.

💻 Affected Systems

Products:
  • GPAC Multimedia Framework
Versions: v2.4.0
Operating Systems: All platforms running GPAC
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using GPAC for media processing or file analysis is potentially vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption through application crash, potentially affecting dependent media processing pipelines and services.

🟠 Likely Case

Denial of Service causing application crashes when processing malicious media files or streams.

🟢 If Mitigated

Limited impact with proper input validation and memory protection mechanisms in place.

🌐 Internet-Facing: MEDIUM - Exploitation requires sending crafted packets to vulnerable services, but specific attack vectors may be limited.
🏢 Internal Only: LOW - Requires local access or internal network positioning to exploit.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A proof of concept available on GitHub demonstrates exploitation via crafted packets.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not yet released

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Monitor GPAC releases for security updates.
2. Apply patch when available.
3. Restart affected services.

🔧 Temporary Workarounds

Input Validation Filter

linux

Implement network filtering to block suspicious media packets before they reach GPAC.

# Configure firewall rules to restrict incoming media streams
# Example: iptables -A INPUT -p tcp --dport [GPAC_PORT] -m string --string "suspicious_pattern" --algo bm -j DROP

Memory Protection

linux

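Enable memory protections such as ASLR and stack canaries. These make memory corruption harder to turn into code execution; a process that trips a stack canary is still terminated, so they do not prevent the Denial of Service itself.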

# Enable ASLR: sysctl -w kernel.randomize_va_space=2
# Compile with stack protection: gcc -fstack-protector-all

🧯 If You Can't Patch

  • Isolate GPAC services in restricted network segments
  • Implement strict input validation for media files before processing

🔍 How to Verify

Check if Vulnerable:

Check the GPAC version: gpac -version. If the version is 2.4.0, the system is vulnerable.

Check Version:

gpac -version 2>&1 | grep -i version

Verify Fix Applied:

After patching, verify version is updated beyond 2.4.0 and test with known malicious samples.

📡 Detection & Monitoring

Log Indicators:

  • GPAC process crashes
  • Segmentation fault errors in system logs
  • Abnormal termination of media processing services

Network Indicators:

  • Unusual media packet patterns
  • Multiple connection attempts to GPAC ports with malformed data

SIEM Query:

source="*syslog*" AND ("segmentation fault" OR "gpac" AND "crash")
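The log indicators above as a shell filter that only counts crash lines attributable to GPAC, so an unrelated segfault does not raise the alert. This is an added example, not part of the original advisory: the sample log lines are constructed, and the matched process names (gpac, MP4Box) and the Linux kernel, systemd and glibc message formats are assumptions about the monitored host.

```shell
#!/bin/sh
# Added example: attribute crash-type syslog lines to GPAC binaries.
# Assumed formats: kernel "segfault at", systemd "status=11/SEGV",
# glibc "stack smashing detected". Adjust patterns to the local log format.

# Constructed sample log lines (not real incident data).
sample_log() {
cat <<'EOF'
Mar  3 10:14:58 media01 kernel: gpac[2231]: segfault at 7ffc1a2b3000 ip 00007f3a12345678 sp 00007ffc1a2b2f00 error 6 in libgpac.so[7f3a12000000+400000]
Mar  3 10:15:02 media01 systemd[1]: gpac-ingest.service: Main process exited, code=dumped, status=11/SEGV
Mar  3 10:15:40 media01 kernel: nginx[812]: segfault at 0 ip 00007f1122334455 sp 00007ffd00001000 error 4 in nginx[55d000000000+100000]
Mar  3 10:16:10 media01 gpac[2290]: session started, 1 input
Mar  3 10:17:33 media01 MP4Box[2301]: *** stack smashing detected ***: terminated
EOF
}

# Read log lines on stdin; print those that name a GPAC binary or unit
# AND carry a crash marker. Both conditions must hold on the same line.
gpac_crash_lines() {
    grep -E -i 'gpac|mp4box' |
        grep -E -i 'segfault|segmentation fault|stack smashing detected|core dumped|status=11/SEGV'
}

# Read log lines on stdin; print the number of GPAC crash lines.
gpac_crash_count() {
    gpac_crash_lines | wc -l | tr -d ' '
}

# Read log lines on stdin; succeed (exit 0) when the number of GPAC crash
# lines reaches the threshold given as $1. Repeated crashes in a short
# window are the signal worth paging on.
gpac_crash_alert() {
    [ "$(gpac_crash_count)" -ge "$1" ]
}

# Stand-alone run over the constructed sample: three lines qualify;
# the nginx segfault and the normal gpac session line are ignored.
echo "GPAC crash lines in sample: $(sample_log | gpac_crash_count)"
```

To use it on a host, pipe the relevant log into the functions, for example the output of journalctl or the contents of the syslog file for the alerting window.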
