A vulnerability classified as problematic was found in GPAC up to 26.1.x . Affected by this issue is the function gf_odf_ac4_cfg_dsi_v1 of the file /odf/descriptors.c of the component MP4Box . Executing a manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2025-60481 . The attack can only be executed locally. There is no exploit available. Upgrading the affected component is advised.