CVE-2025-55650
5.5 MEDIUMA heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Deni...
Published: 2026-06-15 · Last updated: 2026-06-15
Severity and scoring
- CVSS
- 5.5 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- CWE
- CWE-416
Description
A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2025-55644 — A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Deni... (5.5 MEDIUM)
- CVE-2026-6040 — A heap use-after-free existed when importing the blank-width characters of an ODF number format
- CVE-2026-10634 — Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CON... (4.8 MEDIUM)
- CVE-2026-41158 — Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages (7.8 HIGH)
- CVE-2026-12035 — Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corrupt... (8.8 HIGH)