CVE-2025-55658
Received Received - Intake
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2025-55658
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gpac mp4box 2.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-55658 is a vulnerability in GPAC MP4Box version 2.4 where a floating point exception occurs in the gf_opus_parse_packet_header function located in media_tools/av_parsers.c.

This flaw allows attackers to trigger a Denial of Service (DoS) condition by providing a specially crafted MP4 file that exploits this floating point exception.

Impact Analysis

The primary impact of this vulnerability is a Denial of Service (DoS), which means an attacker can cause the affected application (GPAC MP4Box v2.4) to crash or become unresponsive by processing a maliciously crafted MP4 file.

This can disrupt normal operations, potentially affecting any system or service relying on this software for media processing.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55658. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart