The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
https://github.com/gpac/gpac/issues/1753
https://github.com/gpac/gpac/commit/e74be5976a6fee059c638050a237893f7e9a3b23