CVE-2025-55643
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
A NULL pointer dereference in the TrackWriter handling component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
Risk Assessment
The organization may experience service outages related to MP4 file playback, potentially leading to loss of user trust and financial losses.
Recommendation
It is recommended to update GPAC MP4Box to the latest version to mitigate this vulnerability and to monitor systems for unauthorized attempts to deliver malicious files.
Original NVD description (English source)
A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

