A vulnerability was found in GPAC up to 2.4.0 and classified as problematic . Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box . The manipulation results in null pointer dereference. This vulnerability was named CVE-2026-9567 . The attack needs to be approached locally. In addition, an exploit is available. It is advisable to implement a patch to correct this issue.