Denial of Service Vulnerability in GPAC MP4Box by GPAC
CVE-2025-55649

5.5MEDIUM

Key Information:

Vendor: GPAC
Status: GPAC MP4Box
Vendor: CVE Published:; 15 June 2026

What is CVE-2025-55649?

A vulnerability in the gf_media_map_esd function of GPAC MP4Box v2.4 allows attackers to exploit a NULL pointer dereference. This can lead to a Denial of Service (DoS) condition when a specially crafted MP4 file is processed, potentially crashing the application or rendering it unresponsive. This issue underscores the importance of robust handling of media files in software and the necessity for updates that mitigate such vulnerabilities.

References

https://infosec.exchange/@sigdevel/116736730620435563

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
Aug 13, 2025

CVE-2025-55649 Data

JSON