A vulnerability, which was classified as problematic, was found in GPAC 26.02.0. This affects the function nhmldump_send_frame of the file src/filters/write_nhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference.

This vulnerability appears as CVE-2026-14790. The attack requires local access. In addition, an exploit is available.

A patch should be applied to remediate this issue.

The project explains: “I would consider most of these more as bugs than vulns but anyway they’re good to fix”.