CVE-2025-55649
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
A NULL pointer dereference in the gf_media_map_esd function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
Risk Assessment
Attackers can exploit this vulnerability to disrupt application functionality, potentially leading to service outages and loss of system availability.
Recommendation
It is recommended to update to the latest version of GPAC MP4Box to mitigate this vulnerability and to monitor systems for potential attack attempts.
Original NVD description (English source)
A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

