CVE Catalog

CVE-2025-55647

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

The mp4_mux_cenc_insert_pssh function in GPAC MP4Box v2.4 has an Out-of-Memory error that allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

Risk Assessment

The organization may experience service outages related to MP4 file processing, potentially leading to loss of user trust and financial losses.

Recommendation

It is recommended to update to the latest version of GPAC MP4Box to mitigate this vulnerability and to monitor systems for unauthorized MP4 files.

Original NVD description (English source)

An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS