NULL Pointer Dereference Vulnerability in GPAC MP4Box by GPAC
CVE-2025-55641

5.5 MEDIUM

Key Information:

Vendor: GPAC
CVE Published: 15 June 2026

What is CVE-2025-55641?

A NULL pointer dereference exists in the gf_isom_copy_sample_info function of GPAC MP4Box v2.4. By crafting a malicious MP4 file, an attacker can trigger this flaw, resulting in a Denial of Service (DoS) condition. This vulnerability poses a significant risk as it can lead to application crashes and disrupt service availability for users. Mitigation strategies should include applying patches provided by the vendor and validating file inputs before they are processed.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
