CVE-2025-60485

Published: Jun 1, 2026

Modified: Jun 1, 2026

PUBLISHED

Description

A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/gpac/gpac/issues/3323

https://github.com/gpac/gpac/commit/4860a1a6f128ccc9ae37b4b738d22029f9672457

https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/52/README.md

https://infosec.exchange/@sigdevel/116662498332150083

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-60485

Description

Affected Products

References