PT-2026-45417 · Gpac · Mp4Box
Published
2025-08-14
·
Updated
2026-06-02
·
CVE-2025-60485
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
GPAC Project/MP4Box versions prior to 26.02.0
Description
A segmentation violation occurs in the
gf isom apple set tag ex() function located in /isomedia/isom write.c due to pointer dereferencing. This allows an attacker to cause a Denial of Service (DoS) by providing a specially crafted MP4 file.Recommendations
Update to version 26.02.0 or later.
Exploit
Fix
DoS
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mp4Box