CVE Catalog

CVE-2025-55639

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

24th percentile — higher than 24% of all known CVEs

Summary

A NULL pointer dereference vulnerability was discovered in GPAC MP4Box v2.4 in the gf_isom_add_track_kind() function at isomedia/isom_write.c. Attackers can exploit this by crafting a malicious MP4 file to cause a Denial of Service (DoS).

Risk Assessment

The risk involves a remote attacker being able to crash applications using GPAC MP4Box by providing a malicious MP4 file, potentially leading to service unavailability.

Recommendation

It is recommended to immediately update GPAC MP4Box to the latest available version that includes a fix for this vulnerability. Until updated, avoid processing untrusted MP4 files.

Original NVD description (English source)

GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gf_isom_add_track_kind() function at isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS