Gpac Gpac

  1. Vendors
  2. Gpac

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Gpac product.

RSS Feeds for Gpac security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Gpac products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Gpac Sorted by Most Security Vulnerabilities since 2018

Gpac376 vulnerabilities

Gpac Mp4box33 vulnerabilities

By the Year

In 2026 there have been 36 vulnerabilities in Gpac with an average score of 5.6 out of ten. Last year, in 2025 Gpac had 6 security vulnerabilities published. That is, 30 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.61




Year Vulnerabilities Average Score
2026 36 5.59
2025 6 6.20
2024 17 6.90
2023 84 6.76
2022 98 6.20
2021 116 6.75
2020 9 5.50
2019 23 7.03
2018 3 9.80

It may take a day or so for new Gpac vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Gpac Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-55659 Jun 09, 2026
GPAC MP4Box v2.4 NULL PTR DoS via Crafted MP4 (ctts_box_write) A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
CVE-2025-55658 Jun 09, 2026
GPAC MP4Box v2.4 FP Exception DoS via gf_opus_parse_packet_header GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
Mp4box
CVE-2025-52293 Jun 09, 2026
Segmentation Fault in GPAC MP4Box v2.4 Fails via HEVC SPS causing DoS A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.
Mp4box
CVE-2025-52292 Jun 09, 2026
GPAC MP4Box v2.4 Stack Buffer Overflow (DoS) A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
CVE-2025-55657 Jun 09, 2026
GPAC MP4Box v2.4 NULL ptr deref in gf_odf_vvc_cfg_write_bs causes DoS A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
CVE-2025-55651 Jun 09, 2026
GPAC MP4Box v2.4 NULL pointer in gf_isom_get_user_data_count causes DoS A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
CVE-2025-60477 Jun 03, 2026
GPAC MP4Box <=26.02.0 NULL Ptr Deref DoS via gf_filter_pid_resolve_file A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
Mp4box
CVE-2025-60481 Jun 01, 2026
GPAC MP4Box NULL Deref in gf_odf_ac4_cfg_dsi_v1 (26.02.0) DoS A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.
Mp4box
CVE-2025-60495 Jun 01, 2026
GPAC MP4Box <26.02.0 DoS via gf_media_get_color_info segfault A segmentation violation in the gf_media_get_color_info function (/media_tools/isom_tools.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted data file.
Mp4box
CVE-2025-60485 Jun 01, 2026
GPAC MP4Box <26.02.0 Segfault in gf_isom_apple_set_tag_ex(DOS) A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Mp4box
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.