PatchSiren cyber security CVE debrief
CVE-2025-55650 GPAC CVE debrief
CVE-2025-55650 is a medium-severity vulnerability in GPAC MP4Box v2.4. A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. The CVSS score for this vulnerability is 5.5.
- Vendor
- GPAC
- Product
- MP4Box
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of GPAC MP4Box v2.4 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Defensive priority
medium
Recommended defensive actions
- Update GPAC MP4Box to a version that is not vulnerable.
- Use a vulnerability scanner to identify vulnerable systems.
- Implement a Denial of Service (DoS) protection mechanism.
Evidence notes
The CVE record was published on 2026-06-15T20:16:24.030Z and last modified on 2026-06-15T21:16:37.030Z.
Official resources
-
CVE-2025-55650 CVE record
CVE.org
-
CVE-2025-55650 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
-
Source reference
af854a3a-2127-422b-91ae-364da2661108
CVE-2025-55650 was published on 2026-06-15T20:16:24.030Z.