CVE-2025-55658
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
GPAC MP4Box version 2.4 was found to contain a floating point exception in the gf_opus_parse_packet_header function, which may lead to application crashes. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
Risk Assessment
Organizations may experience service interruptions related to MP4 file processing, potentially leading to loss of user trust and financial losses.
Recommendation
It is recommended to update to the latest version of GPAC MP4Box to mitigate this vulnerability and to monitor systems for suspicious MP4 files.
Original NVD description (English source)
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

