Threat Intelligence Database

A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmx_process function (isomedia/isom_write.c).

A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.

CVE-2025-60495 is a medium severity vulnerability in the GPAC Project's MP4Box tool before version 26.02.0. It involves a segmentation violation in the gf_media_get_color_info function, which can be triggered by processing a crafted data file. This leads to a denial of service (DoS) condition. There is no confirmed patch or official remediation available at this time. No known exploits are reported in the wild.

CVE-2025-60486 is a medium severity vulnerability in the GPAC Project's MP4Box tool before version 26.02.0. It involves a heap use-after-free flaw in the dasher_process function within the /filters/dasher.c source file. An attacker can trigger a Denial of Service (DoS) by supplying a specially crafted MPEG-2 file. There is no confirmed patch or official remediation available as of the published date. The vulnerability requires local access with low attack complexity and no privileges but user interaction is needed. No known exploits have been reported in the wild.

CVE-2025-60485 is a vulnerability in the GPAC Project's MP4Box software before version 26.02.0. It involves a segmentation violation in the gf_isom_apple_set_tag_ex function, which can be triggered by processing a specially crafted MP4 file. This vulnerability allows an attacker to cause a denial of service (DoS) by crashing the application. The vulnerability has a medium severity with a CVSS score of 5.5. There is no information about an available patch or official remediation at this time.

CVE-2025-60483 is a medium severity vulnerability in the GPAC Project/MP4Box software before version 26.02.0. It involves a NULL pointer dereference in the gf_ac4_pres_b_4_back_channels_present function within the av_parsers.c source file. An attacker can trigger a denial of service (DoS) by supplying a specially crafted AC4 media file. There is no confirmed patch or official remediation available as of the published date. The vulnerability requires local access (AV:L) and user interaction (UI:R) to exploit, and it does not impact confidentiality or integrity, only availability. No known exploits are reported in the wild, and no vendor advisory or patch information is currently available.

CVE-2025-60481 is a medium severity vulnerability in the GPAC Project/MP4Box software prior to version 26.02.0. It involves a NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function within the /odf/descriptors.c file. An attacker can trigger a denial of service (DoS) by supplying a specially crafted AC4 file. There is no confirmed patch or official remediation available at this time.

CVE-2025-55664 is a heap buffer overflow vulnerability in the m2tsdmx_send_packet function of GPAC MP4Box version 2.4. This flaw allows an attacker to cause a denial of service (DoS) by supplying a specially crafted MP4 file. The vulnerability does not impact confidentiality or integrity but can disrupt availability by crashing the application. No official patch or remediation guidance is currently available, and no known exploits in the wild have been reported.