Gpac · Gpac · CVE-2026-9567
**Name of the Vulnerable Software and Affected Versions**
GPAC versions prior to 2.4.1
**Description**
A flaw in the MP4Box component allows a NULL pointer dereference in the `MergeFragment()` function of `src/isomedia/isom_intern.c`. Exploitation requires local access.
**Recommendations**
Apply patch 525bf1af642c30af04e4df5345e6d798c0a4d8a1 to resolve the issue.
As a temporary workaround, restrict access to the `MergeFragment()` function within the MP4Box component to minimize the risk of exploitation.
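
A triage helper for the affected-version range above, added here as an example and not part of the advisory or the GPAC project: it classifies a version banner as `affected`, `fixed` or `unknown`. The banner format (`... version X.Y[.Z][-suffix]`, as printed by `MP4Box -version`) and the function name `gpac_cve_status` are assumptions; development (`-DEV`) builds are reported as `unknown` because the release number alone does not show whether the patch commit is present.

```shell
#!/bin/sh
# Fixed release named in the advisory: 2.4.1
FIXED_MAJOR=2 FIXED_MINOR=4 FIXED_PATCH=1

# Print "affected", "fixed" or "unknown" for a version banner string.
# Assumed banner shape: "MP4Box - GPAC version 2.4.0-rev0-g<hash>-master".
gpac_cve_status() {
    # Take the token that follows the word "version" in the banner.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*[Vv]ersion[[:space:]]*\([0-9][0-9A-Za-z._-]*\).*/\1/p' | head -n 1)
    case $ver in
        '') echo unknown; return 0 ;;
        # Development snapshot: confirm instead that commit
        # 525bf1af642c30af04e4df5345e6d798c0a4d8a1 is in the build's history.
        *-DEV*|*-dev*) echo unknown; return 0 ;;
    esac
    num=${ver%%-*}                      # drop "-rev..." style suffixes
    major=${num%%.*}
    rest=""; case $num in *.*) rest=${num#*.} ;; esac
    minor=${rest%%.*}
    patch=""; case $rest in *.*) patch=${rest#*.}; patch=${patch%%.*} ;; esac
    minor=${minor:-0}; patch=${patch:-0}    # "2.4" is treated as 2.4.0
    # Anything non-numeric (e.g. "1rc2") is not compared, only flagged.
    for part in "$major" "$minor" "$patch"; do
        case $part in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -gt "$FIXED_MAJOR" ]; then echo fixed
    elif [ "$major" -lt "$FIXED_MAJOR" ]; then echo affected
    elif [ "$minor" -gt "$FIXED_MINOR" ]; then echo fixed
    elif [ "$minor" -lt "$FIXED_MINOR" ]; then echo affected
    elif [ "$patch" -ge "$FIXED_PATCH" ]; then echo fixed
    else echo affected
    fi
}

# Check the local install when MP4Box is on PATH.
if command -v MP4Box >/dev/null 2>&1; then
    echo "local MP4Box: $(gpac_cve_status "$(MP4Box -version 2>&1)")"
fi
```

Distribution packages may backport the fix without changing the upstream version number, so treat `affected` as a prompt to check the package changelog rather than a final verdict.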