CVE Catalog

CVE-2025-55651

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

6th percentile - higher than 6% of all known CVEs

Summary

A NULL pointer dereference in the gf_isom_get_user_data_count function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

Risk Assessment

Attackers can exploit this vulnerability to disrupt application functionality, potentially leading to service downtime and loss of system availability.

Recommendation

It is recommended to update to the latest version of GPAC MP4Box to mitigate this vulnerability and to monitor systems for unusual MP4 files.

Original NVD description (English source)

A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS