CVE-2026-1418

MEDIUM 5.3

GPAC SRT Subtitle Import text_to_bifs.c gf_text_import_srt_bifs out-of-bounds write

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The name of the patch is 10c73b82cf0e367383d091db38566a0e4fe71772. It is best practice to apply a patch to resolve this issue.

CWE	CWE-787 CWE-119
Vendor	n/a
Product	gpac
Published	Jan 26, 2026
Last Updated	Feb 23, 2026

Stay Ahead of the Next One

Get instant alerts for n/a gpac

Be the first to know when new medium vulnerabilities affecting n/a gpac are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / GPAC

2.0 2.1 2.2 2.3 2.4.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.342807 vuldb.com: https://vuldb.com/?ctiid.342807 vuldb.com: https://vuldb.com/?submit.736544 github.com: https://github.com/gpac/gpac/issues/3425 github.com: https://github.com/gpac/gpac/issues/3425#issue-3801961068 github.com: https://github.com/enocknt/gpac/commit/10c73b82cf0e367383d091db38566a0e4fe71772 github.com: https://github.com/gpac/gpac/

Credits

🔍 Kery Qi (VulDB User)