PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-55652 GPAC CVE debrief

A heap buffer overflow vulnerability was discovered in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4. This vulnerability, tracked as CVE-2025-55652, allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM.

Vendor: GPAC
Product: MP4Box
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-15
Original CVE updated: 2026-06-15
Advisory published: 2026-06-15
Advisory updated: 2026-06-15

Who should care

Users of GPAC MP4Box v2.4 should be aware of this vulnerability and take steps to mitigate it.

Technical summary

The vulnerability is a heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4. An attacker can trigger it by supplying a specially crafted MP4 file, causing a Denial of Service (DoS) when the file is parsed.

Defensive priority

MEDIUM

Recommended defensive actions

  • Update GPAC MP4Box to a version that is not vulnerable.
  • Use caution when handling MP4 files from untrusted sources.

Evidence notes

The CVE record for CVE-2025-55652 is published on CVE.org. Additional information can be found on the NVD website.

Official resources

CVE-2025-55652 was published on 2026-06-15T20:16:24.137Z and modified on 2026-06-15T21:16:37.177Z.