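Vulnerability Overview

Vulnerability name: CVE-2025-60485 - NULL Pointer Dereference in GPAC/MP4Box
Vulnerability type: NULL pointer dereference
Description: When MP4Box processes an MP4 file containing a corrupted "esds" box and an incomplete box structure, a NULL pointer dereference (read of address 0x0) is triggered in the function, crashing MP4Box.

Scope of Impact

Affected components: - - - -
Affected product: MP4Box (GPAC open-source multimedia project)
Affected version: 2.5-DEV-rev1687-ge44a4e2b0-master, commit . Any equivalent code base that has not applied the fix commit is affected.
Attack conditions: The attacker supplies an MP4 file containing a corrupted "esds" box (invalid descriptor size) and an incomplete box structure. Local access is required; the victim must invoke or any equivalent MP4Box operation that triggers the muxer PID setup and tag-writing path.
Impact: The NULL pointer dereference (read of address 0x000000000000) crashes the process immediately, resulting in denial of service. No arbitrary code execution was observed; the faulting access is a NULL read and cannot be used for control-flow hijacking.

Remediation

Fix/mitigation status: The fix adds a NULL check before the dereference in . Users should upgrade to a release that includes commit , or apply the patch directly.

References:
- Issue: github.com/gpac/gpac/issues/33...
- PoC: github.com/sigdevel/pocs/blob/...
- Fix: github.com/gpac/gpac/commit/48...

PoC code

```c
/* Copyright (c) 2005-2016, Guillaume Chéreau
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.

Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.

Neither the name of the copyright holder nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED.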
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
#include <gpac/internal/is