NULL Pointer Dereference Vulnerability in GPAC MP4Box by GPAC
CVE-2025-55643

5.5MEDIUM

Key Information:

Vendor: GPAC
Status: MP4Box
Vendor: CVE Published:; 15 June 2026

What is CVE-2025-55643?

A vulnerability in GPAC MP4Box version 2.4 arises from a NULL pointer dereference in the TrackWriter handling component. This flaw can be exploited by attackers sending specially crafted MP4 files, which may result in a Denial of Service (DoS) condition, thereby compromising system availability and functionality. Users of GPAC MP4Box should review their security posture and apply necessary mitigations.

References

https://infosec.exchange/@sigdevel/116736819671963019

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
Aug 13, 2025

CVE-2025-55643 Data

JSON