Denial of Service Vulnerability in MP4Box by GPAC Project
CVE-2025-60481

5.5MEDIUM

Key Information:

Vendor: GPAC Project
Status: MP4Box
Vendor: CVE Published:; 1 June 2026

🔔 Create GPAC Project Vulnerability Alert

What is CVE-2025-60481?

A vulnerability exists in the MP4Box media framework developed by GPAC Project that can lead to a Denial of Service condition. This arises from a NULL pointer dereference within the gf_odf_ac4_cfg_dsi_v1 function when processing specially crafted AC4 files. Attackers can exploit this vulnerability to cause the application to crash, interrupting service and affecting user experience. It is essential for users of MP4Box to apply timely updates to mitigate this risk.

References

https://github.com/gpac/gpac/commit/e02d1fd24cdc26acb1b23...

https://github.com/gpac/gpac/issues/3296

https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Bo...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
Sep 26, 2025

CVE-2025-60481 Data

JSON