CVE Catalog

CVE-2025-55657

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile - higher than 12% of all known CVEs

Summary

A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

Risk Assessment

Attackers can exploit this vulnerability to disrupt the application's operation, potentially leading to service outages for the organization.

Recommendation

It is recommended to update GPAC MP4Box to the latest version to mitigate this vulnerability and to monitor systems for suspicious MP4 files.

Original NVD description (English source)

A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS