CVE-2025-70298
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gpac | gpac | 2.4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read in the oggdmx_parse_tags function of GPAC version 2.4.0. An out-of-bounds read occurs when the software reads data outside the boundaries of allocated memory, which can lead to unexpected behavior or crashes. [1]
How can this vulnerability impact me?
The vulnerability can impact you by causing a denial of service (crash) due to the out-of-bounds read. According to the CVSS score, it has a high impact on availability (A:H), only a low impact on confidentiality (C:L), and no impact on integrity, and it requires no privileges or user interaction. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by using the proof-of-concept (PoC) available at the provided GitHub resource, which demonstrates the out-of-bounds read in the oggdmx_parse_tags function of GPAC v2.4.0. Specific commands are not detailed, but reviewing and running the PoC code from the GitHub link can help identify whether the vulnerability is present. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps are not explicitly detailed in the provided resources. However, general best practices include updating GPAC to a version where this vulnerability is fixed or applying any available patches. If updates are not available, restricting network access to vulnerable services and monitoring for exploitation attempts are advisable.