Denial of Service Vulnerability in GPAC MP4Box Software from GPAC
CVE-2025-52293

7.5HIGH

Key Information:

Vendor: GPAC
Status: GPAC MP4Box
Vendor: CVE Published:; 9 June 2026

What is CVE-2025-52293?

A segmentation violation in the gf_hevc_read_sps_bs_internal function of GPAC MP4Box v2.4 exposes users to potential denial of service attacks. Attackers can exploit this vulnerability by delivering specially crafted HEVC SPS data, leading to application crashes and service interruptions. Implementing appropriate security measures and updates is essential to safeguard systems from such attacks.

References

https://infosec.exchange/@sigdevel/116710484148913883

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
Jun 16, 2025

CVE-2025-52293 Data

JSON