PT-2026-49270

A NULL pointer dereference in the TrackWriter handling component filters/mux isom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55649

A NULL pointer dereference in the gfmediamapesd function mediatools/isomtools.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55661

A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55661

Summary: CVE-2025-55661 concerns GPAC MP4Box v2.4, specifically its Opus audio stream parser. The issue is a heap buffer overflow in parsing Opus data, which can be triggered by processing a crafted MP4 file and may cause a Denial of Service. The threat is assessed locally (attack vector: local) ...

CVE-2025-55647

The CVE-2025-55647 entry concerns GPAC MP4Box v2.4. The vulnerability is an Out-of-Memory in mp4_mux_cenc_insert_pssh (filters/mux_isom.c) that allows a crafted MP4 file to cause a Denial of Service. Affected component is the mp4_mux_cenc_insert_pssh function; the root cause is memory exhaustion ...

CVE-2025-55645

GPAC MP4Box v2.4 is affected by a heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c). The issue can lead to Denial of Service when processing a crafted MP4 file. Affected component/file and root cause are stated in multiple sources; explicit exploit details or in-the-wi...

CVE-2025-55642

GPAC MP4Box v2.4 contains a floating point exception in avidmx_process (isomedia/isom_write.c) per CVE-2025-55642. Affected component: GPAC MP4Box 2.4. Reported impact: runtime crash due to FP exception. Connected sources confirm the flaw and CVE mapping; remediation status is not provided in the...

CVE-2025-55660

The connected EUVD entry confirms a stack overflow in the function gf_opus_read_length (file media_tools/av_parsers.c ) of GPAC MP4Box v2.4 , enabling a Denial of Service (DoS) when processing a crafted MP4 file. The same CVE ID (CVE-2025-55660) is echoed across multiple sources (NVD, CVE lists, ...

CVE-2025-55641

CVE-2025-55641 describes a NULL pointer dereference in GPAC MP4Box v2.4, specifically in gf_isom_copy_sample_info (isomedia/isom_write.c). The issue allows a crafted MP4 file to trigger a Denial of Service. The available data identifies the vulnerable component and function, and the underlying ca...

PT-2026-49273

An Out-of-Memory in the mp4 mux cenc insert pssh function filters/mux isom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55650

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55643

A NULL pointer dereference in the TrackWriter handling component filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55663

A segmentation violation in the TrackSetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-49280

Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.4 Description A segmentation violation in the Track SetStreamDescriptor function within the isomedia/track.c file allows attackers to cause a Denial of Service DoS by providing a specially crafted MP4 file. Recommendation...

CVE-2025-55649

CVE-2025-55649 affects GPAC MP4Box v2.4 (GPAC project). A NULL pointer dereference in gf_media_map_esd (media_tools/isom_tools.c) can be triggered by a crafted MP4 file, enabling a Denial of Service. Multiple connected sources (NVD, CVE listing, EUVD/OSV entries, Debian/Ubuntu specs) confirm the ...

CVE-2025-55650

GPAC MP4Box v2.4 is affected by a heap use-after-free in gf_node_get_tag (scenegraph/base_scenegraph.c) that enables Denial of Service via crafted MP4 files. Impact: availability DoS. Root cause: heap use-after-free. Affected component: GPAC MP4Box 2.4; vulnerability location: gf_node_get_tag in ...

CVE-2025-55647

An Out-of-Memory in the mp4muxcencinsertpssh function filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55647

An Out-of-Memory in the mp4muxcencinsertpssh function filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

Linux Distros Unpatched Vulnerability : CVE-2025-52292

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack buffer overflow in the fileinprocess function infile.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4...

Linux Distros Unpatched Vulnerability : CVE-2025-55659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the cttsboxwrite function isomedia/boxcodebase.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplyi...