CVE-2026-4015

MEDIUM

GPAC 26.03-DEV - Buffer Overflow

Title source: llm

Description

A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5. Applying a patch is advised to resolve this issue.

References (8)

[Various Sources] https://github.com/gpac/gpac/

[Patch] https://github.com/gpac/gpac/commit/d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5

[Issue Tracking] https://github.com/gpac/gpac/issues/3467

[Issue Tracking] https://github.com/gpac/gpac/issues/3467#issuecomment-3945864390

[Exploit, Third Party Advisory] https://github.com/user-attachments/files/25493992/poc_texml_overflow.py

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.350537

[Permissions Required, VDB Entry] https://vuldb.com/?id.350537

[Permissions Required, VDB Entry] https://vuldb.com/?submit.769797

Scores

CVSS v3 5.3

EPSS 0.0001

EPSS Percentile 2.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-119 CWE-121

Status published

Published Mar 12, 2026

Tracked Since Mar 12, 2026