Description
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmx_process function (isomedia/isom_write.c).
Published: 2026-06-15
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a floating‑point exception triggered in the avidmx_process routine of GPAC MP4Box version 2.4. When the function processes certain video segments, the exception causes the application to crash, resulting in a denial of service for users relying on that tool. This issue is classified as CWE‑369, indicating a divide‑by‑zero or arithmetic error leading to an unstable state.

Affected Systems

GPAC MP4Box software, specifically version 2.4. No other vendor or product versions are listed as affected.

Risk and Exploitability

The CVSS score of 6.5 places the flaw in the medium severity range. The EPSS score of less than 1% indicates a very low probability that this vulnerability will be actively exploited. The CVE does not appear in the CISA KEV catalog. Based on the description, the attack likely requires a malicious MP4 file processed by the vulnerable function, suggesting a localized vector that could be abused in automated processing pipelines or by users who open untrusted media files.

Generated by OpenCVE AI on June 16, 2026 at 22:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade GPAC MP4Box to the latest released version that contains the fix for the avidmx_process floating‑point exception.
  • If an immediate upgrade is not possible, ensure the software runs in a sandboxed environment to contain any crashes.
  • Monitor system logs for repeated segmentation failures or application restarts that may indicate exploitation attempts.

Generated by OpenCVE AI on June 16, 2026 at 22:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title GPAC MP4Box Floating Point Exception in avidmx_process

Tue, 16 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Gpac
Gpac gpac
CPEs cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*
Vendors & Products Gpac
Gpac gpac

Mon, 15 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
References

Mon, 15 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-369
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmx_process function (isomedia/isom_write.c).
References

Subscriptions

Gpac Gpac
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-15T20:15:29.726Z

Reserved: 2025-08-13T00:00:00.000Z

Link: CVE-2025-55642

cve-icon Vulnrichment

Updated: 2026-06-15T19:21:49.939Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-15T20:16:23.257

Modified: 2026-06-16T17:34:04.100

Link: CVE-2025-55642

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T23:00:06Z

Weaknesses