CVE-2026-8124
LOWGPAC box_code_base.c sidx_box_read allocation of resources
Title source: cnaDescription
A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The identifier of the patch is 442e2299530138d8f874fd885c565ba98a6318ba. It is suggested to install a patch to address this issue.
References (6)
Core 6
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-361914 | GPAC box_code_base.c sidx_box_read allocation of resources
https://vuldb.com/vuln/361914
Signature, Permissions Required signature
permissions-required
VDB-361914 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/361914/cti
Third Party Advisory third-party-advisory
Submit #808611 | gpac latest Denial of Service (DoS)
https://vuldb.com/submit/808611
Exploit exploit
issue-tracking
https://github.com/gpac/gpac/issues/3519
Product product
https://github.com/gpac/gpac/
Scores
CVSS v3
3.3
EPSS
0.0002
EPSS Percentile
6.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-400
CWE-770
Status
published
Products (2)
None/GPAC
26.02
gpac/gpac
< 26.02.0
Published
May 08, 2026
Tracked Since
May 08, 2026