CVE-2025-55644
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
A heap use-after-free vulnerability in the gf_node_get_tag function of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
Risk Assessment
This vulnerability can lead to service outages, affecting the availability of the application and disrupting the operation of systems using GPAC MP4Box.
Recommendation
It is recommended to update to the latest version of GPAC MP4Box to mitigate this vulnerability and to monitor systems for unusual MP4 files.
Original NVD description (English source)
A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

