CVE-2025-7797

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-7797

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7797.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-7797

Downstream

DEBIAN-CVE-2025-7797

UBUNTU-CVE-2025-7797

Published

2025-07-18T18:15:25.380Z

Modified

2026-04-12T22:13:22.782929Z

Severity

5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gfdashdownloadinitsegment of the file src/mediatools/dashclient.c. The manipulation of the argument baseiniturl leads to null pointer dereference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 153ea314b6b053db17164f8bc3c7e1e460938eaa. It is recommended to apply a patch to fix this issue.

References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type

GIT

Repo

https://github.com/gpac/gpac

Events

Introduced

Last affected

5d70253ac94e5840be7b86054131dd753af63cc7

Fixed

153ea314b6b053db17164f8bc3c7e1e460938eaa

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0"
        }
    ]
}

Affected versions

Other

abi-12

abi-12.*

abi-12.16

abi-12.17

abi-12.18

abi-12.19

abi-12.20

abi-12.21

abi-12.22

abi-12.23

abi-12.24

abi-12.25

abi-12.26

abi-12.27

testtag0.*

testtag0.1

v0.*

v0.5.2

v0.6.0

v0.9.0

v0.9.0-preview

v1.*

v1.0.0

v2.*

v2.0.0

v2.2.0

v2.4.0

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "286996297905057604677606173910855338494",
            "length": 9548.0
        },
        "id": "CVE-2025-7797-3bea8b9c",
        "signature_type": "Function",
        "source": "https://github.com/gpac/gpac/commit/153ea314b6b053db17164f8bc3c7e1e460938eaa",
        "deprecated": false,
        "target": {
            "function": "gf_dash_download_init_segment",
            "file": "src/media_tools/dash_client.c"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "60702139257110300703903503749795927130",
                "108135364681610205727461842145178254613",
                "136986047607722977826532524904402145360"
            ]
        },
        "id": "CVE-2025-7797-d45a123d",
        "signature_type": "Line",
        "source": "https://github.com/gpac/gpac/commit/153ea314b6b053db17164f8bc3c7e1e460938eaa",
        "deprecated": false,
        "target": {
            "file": "src/media_tools/dash_client.c"
        },
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7797.json"

vanir_signatures_modified

"2026-04-12T22:13:22Z"