Gpac Gpac

  1. Vendors
  2. Gpac

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Gpac product.

RSS Feeds for Gpac security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Gpac products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Gpac Sorted by Most Security Vulnerabilities since 2018

Gpac376 vulnerabilities

Gpac Mp4box46 vulnerabilities

By the Year

In 2026 there have been 49 vulnerabilities in Gpac with an average score of 5.6 out of ten. Last year, in 2025 Gpac had 6 security vulnerabilities published. That is, 43 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.61




Year Vulnerabilities Average Score
2026 49 5.59
2025 6 6.20
2024 17 6.90
2023 84 6.76
2022 98 6.20
2021 116 6.75
2020 9 5.50
2019 23 7.03
2018 3 9.80

It may take a day or so for new Gpac vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Gpac Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-55644 Jun 15, 2026
GPAC MP4Box v2.4 Heap UAF in gf_node_get_tag allows DoS A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
CVE-2025-55641 Jun 15, 2026
GPAC MP4Box v2.4 DoS via NULL deref in gf_isom_copy_sample_info A NULL pointer dereference in the gf_isom_copy_sample_info function (isomedia/isom_write.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
CVE-2025-55650 Jun 15, 2026
GPAC MP4Box v2.4 Heap UAF in gf_node_get_tag Causes DoS A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
CVE-2025-55660 Jun 15, 2026
GPAC MP4Box v2.4 DOS via gf_opus_read_length stack overflow A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
CVE-2025-55648 Jun 15, 2026
GPAC MP4Box v2.4 Heap Buffer Overflow in gf_opus_parse_packet_header DoS A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
CVE-2025-55663 Jun 15, 2026
GPAC MP4Box v2.4 DoS via Segfault in Track_SetStreamDescriptor A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
CVE-2025-55652 Jun 15, 2026
GPAC MP4Box v2.4 Heap Buffer Overflow in gf_isom_vp_config_new A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
CVE-2025-55649 Jun 15, 2026
GPAC MP4Box v2.4 DoS via NULL ptr in gf_media_map_esd A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
CVE-2025-55645 Jun 15, 2026
Heap Buffer Overflow in GPAC MP4Box v2.4 (gf_cenc_set_pssh) Enables DoS A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
CVE-2025-55661 Jun 15, 2026
Heap buffer overflow in GPAC MP4Box 2.4 Opus parser causes DoS A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.