Denial of Service Vulnerability in GPAC MP4Box by GPAC
CVE-2025-55663

5.5MEDIUM

Key Information:

Vendor: GPAC
Status: GPAC MP4Box
Vendor: CVE Published:; 15 June 2026

What is CVE-2025-55663?

A segmentation violation occurring in the Track_SetStreamDescriptor function of GPAC MP4Box v2.4 allows attackers to exploit the software by delivering a specially crafted MP4 file. This results in a Denial of Service condition, disrupting normal operation and potentially impacting users. It is crucial for organizations using this product to assess their exposure and implement necessary security measures to guard against this vulnerability.

References

https://infosec.exchange/@sigdevel/116733899601128471

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
Aug 13, 2025

CVE-2025-55663 Data

JSON