CVE Catalog

CVE-2025-52293

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile - higher than 12% of all known CVEs

Summary

A segmentation violation in the gf_hevc_read_sps_bs_internal function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying crafted HEVC SPS data.

Risk Assessment

An attack leading to service unavailability can impact the organization's operational continuity and user trust.

Recommendation

It is recommended to update to the latest version of GPAC MP4Box to mitigate this vulnerability and to monitor systems for unauthorized access attempts.

Original NVD description (English source)

A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS