Denial of Service Vulnerability in GPAC Project's MP4Box
CVE-2025-60483

5.5MEDIUM

Key Information:

Vendor: GPAC Project
Status: MP4Box
Vendor: CVE Published:; 1 June 2026

🔔 Create GPAC Project Vulnerability Alert

What is CVE-2025-60483?

A vulnerability exists in the MP4Box tool of the GPAC Project, where a NULL pointer dereference in the 'gf_ac4_pres_b_4_back_channels_present' function can be exploited by attackers. By supplying a specially crafted AC4 file, attackers can trigger a denial of service, potentially causing the application to crash or become unresponsive. It is crucial for users of affected versions to update to secure their systems against this flaw.

References

https://github.com/gpac/gpac/commit/13eb5b76560aaf7813b86...

https://github.com/gpac/gpac/issues/3302

https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Bo...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
Sep 26, 2025

CVE-2025-60483 Data

JSON