← back
CVE-2025-55651

CVE-2025-55651

CVSS 5.5 MEDIUMEPSS 0.2%CWE-476
A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected products
n/a · n/a
public PoCs found1
cve_referencegithub.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/4/4_poc.mp4unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/4/4_poc.mp4https://infosec.exchange/@sigdevel/116710512103919834http://www.openwall.com/lists/oss-security/2026/06/13/18