Segmentation Violation in GPAC Project MP4Box Affecting Media Processing
CVE-2025-60495

5.5MEDIUM

Key Information:

Vendor: GPAC Project
Status: MP4Box
Vendor: CVE Published:; 1 June 2026

🔔 Create GPAC Project Vulnerability Alert

What is CVE-2025-60495?

A flaw within the gf_media_get_color_info function of GPAC's MP4Box prior to version 26.02.0 allows attackers to exploit a segmentation violation by supplying specially crafted data files. This can lead to Denial of Service (DoS), disrupting the media processing functionalities and leaving the application vulnerable to further attacks. It's crucial for users of MP4Box to upgrade to the latest version to mitigate this vulnerability.

References

https://github.com/gpac/gpac/issues/3335

https://github.com/gpac/gpac/commit/9beed3c0a2f38505c745e...

https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Bo...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
Sep 26, 2025

CVE-2025-60495 Data

JSON