CVE-2025-55659NVD

Vulnerability Summary

A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

Severity Level

MEDIUM(6.5)

Published Date

Jun 9, 2026

Last Modified

Jun 9, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.03%Probability

Root Weakness (CWE)

CWE-476: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityNone

IntegrityNone

AvailabilityHigh

External References

https://infosec.exchange/@sigdevel/116710743410087676

Critical Alert

CVE Watchtower

CVE-2025-55659NVD

Vulnerability Summary

External References