CVE Catalog

CVE-2025-55645

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

A heap buffer overflow in the gf_cenc_set_pssh function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

Risk Assessment

This vulnerability may lead to application disruption, affecting the availability of services within the organization.

Recommendation

It is recommended to update GPAC MP4Box to the latest version to mitigate this vulnerability and to monitor systems for suspicious MP4 files.

Original NVD description (English source)

A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS