CVE-2026-4015
Severity: MEDIUM
GPAC 26.03-DEV - Stack-Based Buffer Overflow in TeXML File Parser
Title source: llm
Description
A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml in the file src/filters/load_text.c, part of the TeXML File Parser component. A manipulation can lead to a stack-based buffer overflow. The attack can be launched on the local host. The exploit has been made available to the public and could be used for attacks. The patch is identified as d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5. Applying the patch is advised to resolve this issue.
References (8)
Core References
https://vuldb.com/?id.350537 (Permissions Required, VDB Entry; vdb-entry, technical-description)
https://vuldb.com/?ctiid.350537 (Permissions Required, VDB Entry; signature, permissions-required)
https://vuldb.com/?submit.769797 (Permissions Required, VDB Entry; third-party-advisory)
https://github.com/gpac/gpac/issues/3467 (Issue Tracking; issue-tracking)
https://github.com/gpac/gpac/issues/3467#issuecomment-3945864390 (Issue Tracking; issue-tracking)
https://github.com/user-attachments/files/25493992/poc_texml_overflow.py (Exploit, Third Party Advisory; exploit)
https://github.com/gpac/gpac/ (Various Sources; product)
Scores
CVSS v3: 5.3
EPSS: 0.0002
EPSS Percentile: 5.5%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-119, CWE-121
Status: published
Published: Mar 12, 2026
Tracked Since: Mar 12, 2026