CVE Catalog
CVE-2025-55648
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk0.18%
8th percentile — higher than 8% of all known CVEs
Summary
A heap buffer overflow in the gf_opus_parse_packet_header function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
Risk Assessment
Attackers can remotely cause service outages, potentially leading to application or system downtime.
Recommendation
It is recommended to update to the latest version of GPAC MP4Box to mitigate this vulnerability and to monitor systems for unusual MP4 files.
Original NVD description (English source)
A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

