GPAC is a multimedia framework for rich media and is distributed under the LGPL license. vwid_box_del function in box_code_base.c in GPAC 20200801 and earlier versions is vulnerable to null pointer dereference. An attacker could exploit this vulnerability to cause a denial of service.