CVE-2025-55651NVD

Vulnerability Summary

A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

Severity Level

MEDIUM(5.5)

Published Date

Jun 9, 2026

Last Modified

Jun 10, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.02%Probability

Root Weakness (CWE)

CWE-476: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityNone

IntegrityNone

AvailabilityHigh

External References

https://infosec.exchange/@sigdevel/116710512103919834
https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/4/4_poc.mp4

Critical Alert

CVE Watchtower

CVE-2025-55651NVD

Vulnerability Summary

External References