CVE Catalog
CVE-2025-52293
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk0.04%
12th percentile - higher than 12% of all known CVEs
Summary
A segmentation violation in the gf_hevc_read_sps_bs_internal function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying crafted HEVC SPS data.
Risk Assessment
An attack leading to service unavailability can impact the organization's operational continuity and user trust.
Recommendation
It is recommended to update to the latest version of GPAC MP4Box to mitigate this vulnerability and to monitor systems for unauthorized access attempts.
Original NVD description (English source)
A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.

