CVE-2026-1415

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions GPAC versions up to 2.4.0

Description A flaw exists in GPAC where manipulation of the Name argument within the gf media export webvtt metadata function, located in the src/media tools/media export.c file, can lead to a null pointer dereference. This issue requires local access to exploit. The exploit is publicly available.

Recommendations Deploy the patch with identifier af951b892dfbaaa38336ba2eba6d6a42c25810fd.

Exploit

Fix

NULL Pointer Dereference

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-404

Related Identifiers

BDU:2026-03616

CVE-2026-1415

Affected Products

Gpac

Red Os

CVE-2026-1415

Weakness Enumeration

Related Identifiers

Affected Products

References · 20