CVE-2025-55639
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk24th percentile — higher than 24% of all known CVEs
Summary
A NULL pointer dereference vulnerability was discovered in GPAC MP4Box v2.4 in the gf_isom_add_track_kind() function at isomedia/isom_write.c. Attackers can exploit this by crafting a malicious MP4 file to cause a Denial of Service (DoS).
Risk Assessment
The risk involves a remote attacker being able to crash applications using GPAC MP4Box by providing a malicious MP4 file, potentially leading to service unavailability.
Recommendation
It is recommended to immediately update GPAC MP4Box to the latest available version that includes a fix for this vulnerability. Until updated, avoid processing untrusted MP4 files.
Original NVD description (English source)
GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gf_isom_add_track_kind() function at isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

