CVE Catalog

CVE-2025-55658

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

10th percentile - higher than 10% of all known CVEs

Summary

GPAC MP4Box version 2.4 was found to contain a floating point exception in the gf_opus_parse_packet_header function, which may lead to application crashes. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Risk Assessment

Organizations may experience service interruptions related to MP4 file processing, potentially leading to loss of user trust and financial losses.

Recommendation

It is recommended to update to the latest version of GPAC MP4Box to mitigate this vulnerability and to monitor systems for suspicious MP4 files.

Original NVD description (English source)

GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS