Submit #736541: gpac v2.4.0 NULL Pointer Dereferenceinfo

Titlegpac v2.4.0 NULL Pointer Dereference
DescriptionA NULL pointer dereference vulnerability exists in the gf_media_export_webvtt_metadata() function in src/media_tools/media_export.c. When processing a crafted MP4 file containing a track whose handler box (hdlr) has no name field, the handler pointer (nameUTF8) is NULL and is passed directly to gf_fprintf() with the %s format specifier, resulting in undefined behavior.
Source⚠️ https://github.com/gpac/gpac/issues/3428
User
 Kery Qi (UID 94424)
Submission01/12/2026 13:47 (3 months ago)
Moderation01/25/2026 10:53 (13 days later)
StatusAccepted
VulDB entry342804 [GPAC up to 2.4.0 media_export.c gf_media_export_webvtt_metadata Name null pointer dereference]
Points19

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!