CVE-2025-55643
Description
A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
CVE-2025-55643 NameCVE-2025-55643 SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) Vulnerable and fixed packages The table below lists information on source packages. Source PackageReleaseVersionStatus gpac (PTS)bullseye (security), bullseye1.0.1+dfsg1-4+deb11u3vulnerable Theβ¦
CVE-2025-55643
| Name | CVE-2025-55643 |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| gpac (PTS) | bullseye (security), bullseye | 1.0.1+dfsg1-4+deb11u3 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gpac | source | bullseye | (unfixed) | end-of-life | ||
| gpac | source | (unstable) | (unfixed) |
Notes
[bullseye] - gpac <end-of-life> (out of LTS support)
Apply commands
[bullseye] - gpac <end-of-life> (out of LTS support)OS impact
Debian Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| bullseye | Affected | β |
References
CWEs
CWE-476
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.