Floating Point Exception in GPAC MP4Box

Publication date: 2026-06-09

Last updated on: 2026-06-12

Assigner: MITRE

Description

GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-12

Generated

2026-06-30

AI Q&A

2026-06-09

EPSS Evaluated

2026-06-28

NVD

CVE-2025-55658

Affected Vendors & Products

Vendor	Product	Version / Range
gpac	gpac	2.4

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-1077	The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision.
CWE-400	The product does not properly control the allocation and maintenance of a limited resource.

Attack-Flow Graph

Executive Summary

CVE-2025-55658 is a vulnerability in GPAC MP4Box version 2.4 where a floating point exception occurs in the gf_opus_parse_packet_header function located in media_tools/av_parsers.c.

This flaw allows attackers to trigger a Denial of Service (DoS) condition by providing a specially crafted MP4 file that exploits this floating point exception.

Impact Analysis

The primary impact of this vulnerability is a Denial of Service (DoS), which means an attacker can cause the affected application (GPAC MP4Box v2.4) to crash or become unresponsive by processing a maliciously crafted MP4 file.

This can disrupt normal operations, potentially affecting any system or service relying on this software for media processing.

Hi! I’m here to help you understand CVE-2025-55658. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70