Heap Buffer Overflow in GPAC MP4Box Affects Video Processing Applications
CVE-2025-55645

5.5MEDIUM

Key Information:

Vendor: GPAC
Status: MP4Box
Vendor: CVE Published:; 15 June 2026

What is CVE-2025-55645?

A heap buffer overflow vulnerability exists in the gf_cenc_set_pssh function within GPAC MP4Box v2.4. This flaw can be exploited by attackers through specially crafted MP4 files, potentially leading to Denial of Service (DoS) conditions in affected applications, compromising video processing functionality.

References

https://infosec.exchange/@sigdevel/116736802253007654

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
Aug 13, 2025

CVE-2025-55645 Data

JSON