CVE-2025-70307
Published: 15 January 2026
Summary
CVE-2025-70307 is a high-severity stack-based buffer overflow (CWE-121) vulnerability in GPAC. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The vulnerability is ranked at the 1.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The stack buffer overflow enables a direct application DoS via crafted network input, which matches T1499.004 (Application or System Exploitation).
NVD Description
A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
Deeper analysis
CVE-2025-70307, published on 2026-01-15, is a stack-based buffer overflow vulnerability (CWE-121) in the dump_ttxt_sample function of GPAC version 2.4.0. The flaw allows attackers to trigger a crash via a crafted packet, earning a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact availability disruption with no confidentiality or integrity effects.
Remote attackers need no privileges and no user interaction, and the attack is low-complexity and network-reachable. A specially crafted packet sent to a vulnerable GPAC instance triggers the stack overflow and causes a denial of service, potentially crashing the application and disrupting multimedia processing or related services.
A proof-of-concept exploit for the vulnerability is publicly available on GitHub at https://github.com/zakkanijia/POC/blob/main/gpac_boxDump/GPAC_tx3g.md. No official advisories or patches are referenced in the available information.
Details
- CWE(s)